Adobe Acrobat security questioned
- 09 July, 2003 10:18
Acrobat plug-ins can be digitally signed to determine whether they should be loaded by Adobe Acrobat Reader at startup. However, according to ElcomSoft, "this digital signature mechanism is not cryptographically strong and allows other potentially-malicious plug-in code to pretend to be certified by Adobe and be executed by Acrobat Reader". ElcomSoft claims to have found the flaw in 2001, and while acknowledged by Adobe, it says today, with the release of Adobe Reader (6.0), the software is still vulnerable.
For more go to
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0011.html