Adobe Acrobat security questioned

Acrobat plug-ins can be digitally signed to determine whether they should be loaded by Adobe Acrobat Reader at startup. However, according to ElcomSoft, "this digital signature mechanism is not cryptographically strong and allows other potentially-malicious plug-in code to pretend to be certified by Adobe and be executed by Acrobat Reader". ElcomSoft claims to have found the flaw in 2001, and while acknowledged by Adobe, it says today, with the release of Adobe Reader (6.0), the software is still vulnerable.

For more go to
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0011.html

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Adobe SystemsCERT AustraliaINSNeohapsis

Show Comments