Vladimir Katalov <info (at) elcomsoft (dot) com [email concealed]> writes:
> We were able to write a 'fake' plug-in "fakecert.api" which does
> nothing, but being loaded by Adobe Acrobat (and Reader) 4 and 5
> as the certified one even in 'trusted' mode, though we don't have
> a 'Reader Integration Key' (this plug-in has been provided only to
> Adobe and CERT). When installed into 'plug_ins' subfolder, plug-in
> is being loaded every time when Adobe Acrobat (or Reader) starts, and
> shows a simple message box.
For those of us not familiar with Acrobat plugins, is there some facility
for the program retrieving/installing plugins automatically, or, to exploit
this would you need to entice a user to manually place your .api file in
their "plug_ins" directory (or run an installer program that would do so, in
which case you could run arbitrary code anyway in the installer)?
Vladimir Katalov <info (at) elcomsoft (dot) com [email concealed]> writes:
> We were able to write a 'fake' plug-in "fakecert.api" which does
> nothing, but being loaded by Adobe Acrobat (and Reader) 4 and 5
> as the certified one even in 'trusted' mode, though we don't have
> a 'Reader Integration Key' (this plug-in has been provided only to
> Adobe and CERT). When installed into 'plug_ins' subfolder, plug-in
> is being loaded every time when Adobe Acrobat (or Reader) starts, and
> shows a simple message box.
For those of us not familiar with Acrobat plugins, is there some facility
for the program retrieving/installing plugins automatically, or, to exploit
this would you need to entice a user to manually place your .api file in
their "plug_ins" directory (or run an installer program that would do so, in
which case you could run arbitrary code anyway in the installer)?
--
Dan Harkless
bugtraq (at) harkless (dot) org [email concealed]
http://harkless.org/dan/
[ reply ]