twofaz / origami-pdf

Automatically exported from code.google.com/p/origami-pdf
GNU Lesser General Public License v3.0

can't embed exe file #1

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,
before all I need to congratulate you, your job on the PDF format was very
explicative! Thanks.
Btw I'm trying to embed cmd.exe into the PDF but I always get this error:

[line 3]GeneralError:Operation Failed

I'm using adobe reader 9.3.0.

C:\origami-1.0.0-beta1\sources\scripts\embed>embed.rb -i base.pdf -o ciao.pdf cmd.exe
[info ] ...Start parsing file ...
[info ] ...Reading header...
[info ] ...Parsing revision 1...
[info ] ...Parsing xref table...
[info ] ...Parsing trailer...
[info ] ...End parsing file...
[info ]
PDF file saved as ciao.pdf.

As you can see from the script output, the creation goes fine, but I still get
the error I mentioned above.
Thanks

Original issue reported on code.google.com by xzero...@gmail.com on 6 May 2010 at 5:13

GoogleCodeExporter commented 8 years ago
Hello,

actually 'embed.rb' does not just embed the target file into the document. It will
also inject a little script that will try to run the file at document opening.

However, Acrobat Reader has some restrictions about which files are granted to be
extracted and run. This security filtering is merely based on the filename extension.
Some extensions are blacklisted, some are whitelisted, others will pop up an alert
box to ask for user approval before running the file.

This list of extensions cannot be modified from the Reader interface, you can find it
on Windows into the registry key:
HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms

On Unix systems, it can be found in the preference file in the directory where Reader
is installed.
On my Linux system: /opt/Adobe/Reader9/Reader/GlobalPrefs/reader_prefs

Only PDF and FDF files are whitelisted by default (which means you can extract and
run an embedded document from an existing document with no user warning).

In a nutshell, if you plan to embed a malicious file into a document, you have two
options:

1) Find a flaw in Acrobat Reader to bypass security checks. That's the way I did when
I began working on the 9.0 version, but it has now been fixed by Adobe.

2) Use a non-blacklisted filename extension for your attachments. Before the 9
version of Reader, I used to embed malicious JAR archives into documents as *.jar
files were not blacklisted. Still the file has to be launched by Windows Explorer
thereafter, so you can't set whatever extension you wish. Anyway, on Unix systems,
the filename extension filter is just a joke.

Regards,
Guillaume

Original comment by guilla...@security-labs.org on 11 May 2010 at 12:41
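
For defenders triaging documents built the way the reply describes, here is an added example (not part of the original thread and not Origami code) that flags a PDF pairing an attachment outside the default PDF/FDF whitelist with an action that runs when the document opens. The function names and the sample bytes are constructed for illustration, and the scan works on raw bytes without a real PDF parser.

```ruby
# Added triage sketch, not Origami code: flags a PDF that pairs an embedded
# attachment outside Reader's default whitelist with an open-time script.

# Per the reply above, only PDF and FDF attachments are whitelisted by default.
WHITELISTED_EXTS = %w[.pdf .fdf].freeze

# Constructed sample bytes (not a complete, openable PDF).
SAMPLE = <<~'PDF'
  %PDF-1.7
  1 0 obj << /Type /Catalog /OpenAction 4 0 R /Names << /EmbeddedFiles 2 0 R >> >> endobj
  3 0 obj << /Type /Filespec /F (tool.exe) /EF << /F 5 0 R >> >> endobj
  4 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj
PDF

# PDF names may spell characters as #xx hex escapes (/J#61vaScript is
# /JavaScript), so decode them before matching on names.
def normalize_names(raw)
  raw.b.gsub(%r{/[^\s/<>\[\]()]+}) { |name| name.gsub(/#(\h\h)/) { $1.hex.chr } }
end

# Filenames from file specification dictionaries (/F or /UF literal strings).
def attachment_names(data)
  data.split("endobj")
      .select { |obj| obj.include?("/Filespec") }
      .flat_map { |obj| obj.scan(%r{/U?F\s*\(([^)]*)\)}).flatten }
      .uniq
end

# Combine the three signals: attachment, non-whitelisted extension, auto-run script.
def triage_pdf(raw)
  data = normalize_names(raw)
  names = attachment_names(data)
  risky = names.reject { |n| WHITELISTED_EXTS.include?(File.extname(n).downcase) }
  auto_run = data.match?(%r{/OpenAction\b|/AA\b})
  script = data.match?(%r{/JavaScript\b|/JS\b|/Launch\b})
  { attachments: names, non_whitelisted: risky, auto_run: auto_run,
    script: script, suspicious: !risky.empty? && auto_run && script }
end

puts triage_pdf(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

A raw-byte scan like this does not see objects stored in compressed object streams or in encrypted documents, so a clean result is inconclusive rather than a pass.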