Message-ID: <5.1.0.14.2.20030324170720.05cded68@yoshimo.webtechs.idg.nl>
From: msopacua at idg.nl (Melvyn Sopacua)
Subject: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 13:02 3/24/2003, Vladimir Katalov wrote:
> However, the implementation of certification mechanism is weak, and it is
> easy to write a plug-in that will look like one certified by Adobe, and so
> will be loaded even in 'trusted' mode. Such plug-in can execute ANY code
> -- i.e. perform file operations (read/write/execute), access Windows
> Registry etc.
[ ... ]
> 3. 'Trusted' mode is activated automatically by Adobe Acrobat/Reader
> when it loads documents that are protected using various DRM (Digital
> Rights Management) schemes such as WebBuy, InterTrust DocBox etc -- to
> prevent protected content from being saved with protection stripped.
> However, a plug-in with 'fake' certificate can be loaded anyway, and
> so it will be able to do anything with DRM-protected documents, e.g.
> altering or removing security options.
Q: how is the chicken and egg problem circumvented here? Social Engineering?
Or is there a similar mechanism like HTML Object tags, where plugin urls are
embedded in the document and (semi-) automatically installed?
Met vriendelijke groeten / With kind regards,
Webmaster IDG.nl
Melvyn Sopacua
<@JE> Hosting: $5 per month. Domain name: $15, your site being down
twice a week: Priceless.
http://www.bash.org/?42663
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
iD8DBQE+fzkHG6UQjZVtCO8RAmu8AJ0ddu32EV/rxC6sfwji4xqs/X/bhgCfeVNM
02vJtNDK5QG1GgiZ2Yb9azY=
=Rq8n
-----END PGP SIGNATURE-----