[29523] in bugtraq
Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
daemon@ATHENA.MIT.EDU (Dan Harkless)
Thu Mar 27 20:36:08 2003
Message-Id: <200303261835.h2QIZD6g027059@www.harkless.org>
From: "Dan Harkless" <bugtraq@harkless.org>
To: bugtraq@securityfocus.com
In-Reply-To: Message from Vladimir Katalov <info@elcomsoft.com>
of "Mon, 24 Mar 2003 14:48:58 +0300." <4616369097.20030324144858@elcomsoft.com>
Date: Wed, 26 Mar 2003 10:35:13 -0800
Vladimir Katalov <info@elcomsoft.com> writes:
> We were able to write a 'fake' plug-in "fakecert.api" which does
> nothing, but being loaded by Adobe Acrobat (and Reader) 4 and 5
> as the certified one even in 'trusted' mode, though we don't have
> a 'Reader Integration Key' (this plug-in has been provided only to
> Adobe and CERT). When installed into 'plug_ins' subfolder, plug-in
> is being loaded every time when Adobe Acrobat (or Reader) starts, and
> shows a simple message box.
For those of us not familiar with Acrobat plugins, is there some facility
for the program retrieving/installing plugins automatically, or, to exploit
this would you need to entice a user to manually place your .api file in
their "plug_ins" directory (or run an installer program that would do so, in
which case you could run arbitrary code anyway in the installer)?
--
Dan Harkless
bugtraq@harkless.org
http://harkless.org/dan/
