Re: [Full-Disclosure] Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

From: Melvyn Sopacua (msopacua@idg.nl)
Date: 03/24/03

    To: Vladimir Katalov <vkatalov@elcomsoft.com>
    From: Melvyn Sopacua <msopacua@idg.nl>
    Date: Mon, 24 Mar 2003 18:03:15 +0100
    

    At 13:02 3/24/2003, Vladimir Katalov wrote:

    > However, the implementation of certification mechanism is weak, and it is
    > easy to write a plug-in that will look like one certified by Adobe, and so
    > will be loaded even in 'trusted' mode. Such plug-in can execute ANY code
    > -- i.e. perform file operations (read/write/execute), access Windows
    > Registry etc.

    [ ... ]

    > 3. 'Trusted' mode is activated automatically by Adobe Acrobat/Reader
    > when it loads documents that are protected using various DRM (Digital
    > Rights Management) schemes such as WebBuy, InterTrust DocBox etc -- to
    > prevent protected content from being saved with protection stripped.
    > However, a plug-in with 'fake' certificate can be loaded anyway, and
    > so it will be able to do anything with DRM-protected documents, e.g.
    > altering or removing security options.

    Q: how is the chicken and egg problem circumvented here? Social Engineering?
    Or is there a similar mechanism like HTML Object tags, where plugin urls are
    embedded in the document and (semi-)automatically installed?

    Met vriendelijke groeten / With kind regards,

    Webmaster IDG.nl
    Melvyn Sopacua

    <@JE> Hosting: $5 per month. Domain name: $15, your site being down
    twice a week: Priceless.
    http://www.bash.org/?42663


    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

