can't embed exe file #1

Closed
GoogleCodeExporter opened this issue Dec 30, 2015 · 1 comment

@GoogleCodeExporter

Hi,
First of all, I need to congratulate you; your work on the PDF format was very
explanatory! Thanks.
By the way, I'm trying to embed cmd.exe into the PDF but I always get this error:

[line 3]GeneralError:Operation Failed

I'm using adobe reader 9.3.0.

C:\origami-1.0.0-beta1\sources\scripts\embed>embed.rb -i base.pdf -o ciao.pdf cmd.exe
[info ] ...Start parsing file ...
[info ] ...Reading header...
[info ] ...Parsing revision 1...
[info ] ...Parsing xref table...
[info ] ...Parsing trailer...
[info ] ...End parsing file...
[info ]
PDF file saved as ciao.pdf.

As you can see from the script output, the creation goes fine, but I still get
the error I mentioned above.
Thanks

Original issue reported on code.google.com by xzero...@gmail.com on 6 May 2010 at 5:13


@GoogleCodeExporter

Hello,

Actually, 'embed.rb' does not just embed the target file into the document. It will also inject a little script that will try to run the file at document opening.

However, Acrobat Reader has some restrictions on which files are allowed to be extracted and run. This security filtering is merely based on the filename extension. Some extensions are blacklisted, some are whitelisted, others will pop up an alert box to ask for user approval before running the file.

This list of extensions cannot be modified from the Reader interface. On Windows, you can find it in the registry key:
HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms

On Unix systems, it can be found in the preference file in the directory where Reader is installed.
On my Linux system: /opt/Adobe/Reader9/Reader/GlobalPrefs/reader_prefs

Only PDF and FDF files are whitelisted by default (which means you can extract and run an embedded document from an existing document with no user warning).

In a nutshell, if you plan to embed a malicious file into a document, you have two options:

1) Find a flaw in Acrobat Reader to bypass security checks. That's what I did when I began working on the 9.0 version, but it has now been fixed by Adobe.

2) Use a non-blacklisted filename extension for your attachments. Before version 9 of Reader, I used to embed malicious JAR archives into documents, as *.jar files were not blacklisted. Still, the file has to be launched by Windows Explorer thereafter, so you can't set whatever extension you wish. Anyway, on Unix systems, the filename extension filter is just a joke.

Regards,
Guillaume

Original comment by guilla...@security-labs.org on 11 May 2010 at 12:41

  • Changed state: Done
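
A defender-side triage sketch for the behaviour described in the reply above: an attachment combined with an action that fires at document opening, and attachments whose extension is outside the default PDF/FDF whitelist. This is an added example, not code from Origami or from the original comment; the function names and the sample fragment are constructed for illustration.

```ruby
# Added triage example; not part of Origami. Static byte scan only: objects
# packed into compressed object streams are not seen (assumed out of scope).

ALLOWED_EXT  = %w[.pdf .fdf].freeze   # default whitelist per the comment above
ACTION_NAMES = %w[OpenAction AA JavaScript JS Launch].freeze
EMBED_NAMES  = %w[EmbeddedFile EmbeddedFiles Filespec].freeze

# PDF names can hide letters as #xx hex escapes (/Open#41ction); decode them.
def decode_names(bytes)
  bytes.b.gsub(%r{/[^\s/<>\[\]()%]+}) { |n| n.gsub(/#(\h\h)/) { $1.hex.chr } }
end

# File names given as literal (...) or hex <...> strings after /F or /UF.
def attachment_names(data)
  literal = data.scan(%r{/U?F\s*\(((?:\\.|[^\\)])*)\)}).flatten
                .map { |s| s.gsub(/\\(.)/, '\1') }
  hex     = data.scan(%r{/U?F\s*<(\h+)>}).flatten.map { |h| [h].pack('H*') }
  (literal + hex).uniq
end

def triage_pdf(bytes)
  data    = decode_names(bytes)
  names   = data.scan(%r{/([A-Za-z]+)}).flatten.tally
  files   = attachment_names(data)
  actions = ACTION_NAMES.select { |n| names.key?(n) }
  {
    attachments:     files,
    not_allowlisted: files.reject { |f| ALLOWED_EXT.include?(File.extname(f).downcase) },
    actions:         actions,
    # An attachment plus any action name is the combination worth a closer look.
    auto_run:        EMBED_NAMES.any? { |n| names.key?(n) } && !actions.empty?
  }
end

# Constructed fragment (not a real document); the script body is elided.
SAMPLE = <<~PDF
  1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> /Open#41ction 5 0 R >> endobj
  3 0 obj << /Type /Filespec /F (cmd.exe) /EF << /F 4 0 R >> >> endobj
  4 0 obj << /Type /EmbeddedFile /Length 0 >> stream
  endstream endobj
  5 0 obj << /S /JavaScript /JS (script elided) >> endobj
PDF

p triage_pdf(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

A hit on `auto_run` or `not_allowlisted` is a reason to inspect the file with a full PDF parser, not a verdict on its own.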
