Hi,
First of all, I need to congratulate you: your work on the PDF format was very explanatory! Thanks.
Btw, I'm trying to embed cmd.exe into the PDF but I always get this error:
[line 3]GeneralError:Operation Failed
I'm using Adobe Reader 9.3.0.
C:\origami-1.0.0-beta1\sources\scripts\embed>embed.rb -i base.pdf -o ciao.pdf cmd.exe
[info ] ...Start parsing file ...
[info ] ...Reading header...
[info ] ...Parsing revision 1...
[info ] ...Parsing xref table...
[info ] ...Parsing trailer...
[info ] ...End parsing file...
[info ]
PDF file saved as ciao.pdf.
As you can see from the script output, the creation goes fine, but I still get the error I mentioned above.
Thanks
Original issue reported on code.google.com by xzero...@gmail.com on 6 May 2010 at 5:13
Hello,
actually 'embed.rb' does not just embed the target file into the document. It will also inject a little script that will try to run the file at document opening.
However, Acrobat Reader has some restrictions about which files are allowed to be extracted and run. This security filtering is merely based on the filename extension.
Some extensions are blacklisted, some are whitelisted, others will pop up an alert box to ask for user approval before running the file.
This list of extensions cannot be modified from the Reader interface; on Windows you can find it in the registry key:
HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms
On Unix systems, it can be found in the preference file in the directory where Reader is installed.
On my Linux system: /opt/Adobe/Reader9/Reader/GlobalPrefs/reader_prefs
Only PDF and FDF files are whitelisted by default (which means you can extract and run an embedded document from an existing document with no user warning).
In a nutshell, if you plan to embed a malicious file into a document, you have two options:
1) Find a flaw in Acrobat Reader to bypass security checks. That's what I did when I began working on the 9.0 version, but it has now been fixed by Adobe.
2) Use a non-blacklisted filename extension for your attachments. Before version 9 of Reader, I used to embed malicious JAR archives into documents, as *.jar files were not blacklisted. Still, the file has to be launched by Windows Explorer thereafter, so you can't set whatever extension you wish. Anyway, on Unix systems, the filename extension filter is just a joke.
Regards,
Guillaume
Original comment by guilla...@security-labs.org on 11 May 2010 at 12:41
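For administrators reviewing the extension filter described in the comment above, a small audit of an attachment-permission string follows. It is an added example, not code from the original thread or from Origami. The `version:1|.ext:N` string layout, the meaning of codes 2 (launch without warning) and 3 (never launch), the sample policy and all function names are assumptions to check against your own installation.

```python
# Added example: audits a Reader attachment-permission string.
# ASSUMPTION: the policy value has the form "version:1|.ext:N|..." where
# N=2 means launch without warning and N=3 means never launch; any other
# value, or an unlisted extension, is treated as "prompt the user".
import os

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"
_CODES = {2: ALLOW, 3: DENY}


def parse_perm_list(raw):
    """Return {'.ext': decision} parsed from a permission string."""
    perms = {}
    for field in raw.strip().split("|"):
        name, sep, value = field.strip().rpartition(":")
        if not sep or not name.startswith("."):
            continue  # skips "version:1" and malformed fields
        try:
            code = int(value)
        except ValueError:
            continue  # non-numeric code: ignore the field
        perms[name.lower()] = _CODES.get(code, PROMPT)
    return perms


def decision_for(filename, perms):
    """The filter looks only at the final extension of the attachment name."""
    ext = os.path.splitext(filename.strip())[1].lower()
    return perms.get(ext, PROMPT)


def audit(perms, must_block):
    """List extensions the site wants denied that the policy does not deny."""
    return sorted(e.lower() for e in must_block if perms.get(e.lower()) != DENY)


# Constructed sample policy, not copied from a real installation.
SAMPLE = "version:1|.exe:3|.bat:3|.pdf:2|.fdf:2|.txt:0"

if __name__ == "__main__":
    perms = parse_perm_list(SAMPLE)
    for name in ("invoice.pdf", "tool.EXE", "notes.txt", "applet.jar"):
        print(f"{name:12} -> {decision_for(name, perms)}")
    print("not denied:", audit(perms, [".exe", ".bat", ".jar"]))
```

Because the decision depends on the file name alone, the audit only tells you what the policy says about an extension, not what the attachment actually contains.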