barger.blogg.se - Master pdf editor 2021

USF - Universal Signature Forgery CVE-2018-16042.

- Application is not vulnerable to the attack.

- Application is vulnerable to the attack.

Security Evaluation: ISA, SWA, and USF Attacks (2019) Desktop Viewer Applications No feedback despite multiple contact attempts:

Foxit PDF und Foxit PhantomPDF (Mac) 4.0+Ĭonfirmed message receipt (no feedback regarding patch):.

Foxit PDF und Foxit PhantomPDF (Win) 9.7.2+.

: Application is not vulnerable to any shadow attack variantĪll bugs have been reported by the CERT-Bund.

(conditional): The vulnerability is limited, i.e., the same warning is raised in case of an allowed modification (e.g., commenting) as well as in case of unallowed modifications (attacks).

: Application is vulnerable to the attack.

Important: You need to trust the certificate which is used to validate the signature otherwise, the signature validation in the application will be shown as self-signed.

Security Evaluation: Shadow Attacks (2020) Evaluation Summary Perfect PDF 10 Premium, 10.0.0.1, Windows.PDF-XChange Editor, 8.0 (Build 336.0), Windows.This implementation issue enables the adaption of SSA to P1 certiﬁed documents and EAA to P1 and P2 certiﬁed documents. The following applications do not correctly implement permission-level checks. List of Permission-Incompliant PDF Applications Secure: Attack is clearly detectable on the UI Limited Vulnerability: Attack is undetectable on the UIĢ Every kind of annotation, whether it is allowed or not, leads to an Vulnerable: Attack is undetectable on the UIġ LibreOffice does not provide a UI-Layer 3Īnd attacks can, henceforce, not be detected. ∑ Applications that are limited vulnerability, max 26 ∑ Applications that are vulnerable, max 26 Security Evaluation: Certification Attacks (2021)Īll exploits are compliant to the PDF SpecificiationĪttacks improving the stealthiness of EAA and SSA