Portable Document Format - Specification Signature Collision

2010-08-11T00:00:00
ID EXPLOITPACK:6B47047237E59E8C20F8C35540D7064E
Type exploitpack
Reporter Florian Zumbiehl
Modified 2010-08-11T00:00:00

Description

Portable Document Format - Specification Signature Collision

                                        
                                            source: https://www.securityfocus.com/bid/42377/info

The Portable Document Format (PDF) specification is prone to a signature-collision attack when signing PDF documents.

An attacker can exploit this issue to create PDF documents containing forged signatures. Successfully exploiting this issue will result in the application accepting the signature of a document as valid when it is not. This may result in a false sense of security; other attacks are also possible.

All products conforming to the specification for signing PDF documents are affected by this issue. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34437.tar.gz