Security Evaluation: Certification Attacks (2021)

Test:

Application

Version

PDF Specification Flaws

All exploits are compliant to the PDF Specificiation

Applications’ Implementation Flaws

Attacks improving the stealthiness of EAA and SSA

UI-Layer 1

UI-Layer 2

UI-Layer 3

UI-Layer 1

UI-Layer 2

UI-Layer 3

EAA

SSA

EAA

SSA

EAA

SSA

EAA

SSA

EAA

Adobe Acrobat Reader DC

2020.009.20074

Windows

Adobe Acrobat Pro 2017

2017.011.30171

Expert PDF 14

14.0.28.3456

Foxit PhantomPDF

9.7.1.29511

Foxit Reader

9.7.1.29511

LibreOffice Draw

6.4.2.2

Master PDF Editor

5.4.38

Nitro Pro

13.13.2.242

Nitro Reader

5.5.9.2

PDF Architect

7.1.14.4969

PDF Editor 6 Pro

6.5.0.3929

PDFelement Pro

7.5.1.4782

PDF-XChange Editor

8.0 (Build 336.0)

Perfect PDF 8 Reader

8.0.3.5

Perfect PDF 10 Premium

10.0.0.1

Power PDF Standard

3.10.6687

Soda PDF Desktop

11.2.46.6035

Adobe Acrobat Reader DC

2020.009.20074

MacOS

Adobe Acrobat Pro 2017

2017.011.30171

Foxit PhantomPDF

3.4.0.1012

Foxit Reader

3.4.0.1012

LibreOffice Draw

6.4.2.2

PDF Editor 6 Pro

6.5.0.3929

PDFelement Pro

7.5.9.2925.5460

LibreOffice Draw

6.4.2.2

Linux

Master PDF Editor

5.4.38

∑ Applications that are vulnerable , max 26

∑ Applications that are limited vulnerability , max 26

Vulnerable: Attack is undetectable on the UI Layer.

¹ LibreOffice does not provide a UI-Layer 3 and attacks can, henceforce, not be detected.

Limited Vulnerability: Attack is undetectable on the UI Layer but general notification is shown

² Every kind of annotation, whether it is allowed or not, leads to an invalid certiﬁcation.

Secure: Attack is clearly detectable on the UI Layer.

List of Permission-Incompliant PDF Applications

The following applications do not correctly implement permission-level checks. This implementation issue enables the adaption of SSA to P1 certiﬁed documents and EAA to P1 and P2 certiﬁed documents.

Expert PDF 14, 14.0.28.3456, Windows
LibreOffice Draw, 6.4.2.2, Windows
Master PDF Editor, 5.4.38, Windows
PDF Architect 7, 7.1.14.4969, Windows
PDF-XChange Editor, 8.0 (Build 336.0), Windows
Perfect PDF 8 Reader, 8.0.3.5, Windows
Perfect PDF 10 Premium, 10.0.0.1, Windows
Soda PDF Desktop, 11.2.46.6035, Windows
LibreOffice Draw, 6.4.2.2, macOS
Master PDF Editor, 5.4.38, Linux
LibreOffice Draw, 6.4.2.2, Linux

Fixed Applications

Adobe Acrobat DC, 2021.001.20315, Windows
Adobe Acrobat 2020, 2020.001.30020, Windows
Adobe Acrobat 2017, 2017.011.30190, Windows
Foxit PhantomPDF, 10.1.1, Windows
Foxit Reader, 10.1.1, Windows
LibreOffice, 7.0.4, Windows
Adobe Acrobat DC, 2021.001.20315, macOS
Adobe Acrobat 2020, 2020.001.30020, macOS
Adobe Acrobat 2017, 2017.011.30190, macOS
Foxit PhantomPDF, 4.1.1, macOS
Foxit Reader, 4.1.1, macOS
LibreOffice, 7.0.4, macOS
LibreOffice, 7.0.4, Linux

Security Evaluation: Shadow Attacks (2020)

Evaluation Summary

Important: You need to trust the certificate which is used to validate the signature; otherwise, the signature validation in the application will be shown as self-signed.

Legend:

: Application is vulnerable to the attack
(conditional): The vulnerability is limited, i.e., the same warning is raised in case of an allowed modification (e.g., commenting) as well as in case of unallowed modifications (attacks)
: Application is not vulnerable to any shadow attack variant

Windows

Application	Version	Shadow Hide	Shadow Replace	Shadow Hide-and-Replace
Adobe Acrobat Reader DC	2019.021.20061
Adobe Acrobat Pro 2017	2017.011.30156
Expert PDF 14	14.0.25.3456 64-bit	(conditional)	(conditional)	(conditional)
Foxit Reader	9.7.0.29455
Foxit PhantomPDF	9.7.0.29478
LibreOffice Draw	6.4.2.2		(conditional)
Master PDF Editor	5.4.38, 64 bit			(conditional)
Nitro Pro	12.16.3.574	(conditional)	(conditional)	(conditional)
Nitro Reader	5.5.9.2	(conditional)	(conditional)	(conditional)
PDF Architect	7 7.0.26.3193 64-bit	(conditional)	(conditional)	(conditional)
PDF Editor 6 Pro	6.5.0.3929
PDFelement	7.4.0.4670
PDF-XChange Editor	8.0 (Build 331.0)	(conditional)	(conditional)	(conditional)
Perfect PDF Reader	V14.0.9 (29.0)	(conditional)	(conditional)	(conditional)
Perfect PDF 8 Reader	8.0.3.5
Perfect PDF 10 Premium	10.0.0.1
Power PDF Standard	3.0 (Patch-19154.100)
Soda PDF Desktop	11.1.09.4184 64-bit		(conditional)	(conditional)

macOS

Application	Version	Shadow Replace	Shadow Hide-and-Replace
Adobe Acrobat Reader DC	2019.021.20061
Adobe Acrobat Pro 2017	2017.011.30156
Foxit Reader	3.4.0.1012
Foxit PhantomPDF	3.4.0.1012
LibreOffice Draw	6.4.2.2	(conditional)	(conditional)
Master PDF Editor	5.4.38, 64 bit
PDF Editor 6 Pro	6.8.1.3450
PDFelement	7.5.7.2895

Linux

Application	Version	Shadow Hide	Shadow Replace	Shadow Hide-and-Replace
Master PDF Editor	5.4.38, 64 bit
LibreOffice Draw	6.4.2.2		(conditional)	(conditional)

Status fixes (22.10.2020)

All bugs have been reported by the CERT-Bund.

Fixes announced by the vendors

Adobe DC (Mac + Win): 2020.006.20042
Adobe 2017 (Mac + Win): 2017.011.30166
Adobe 2015 (Mac + Win): 2015.006.30518
LibreOffice v6.4.7 and 7.0.2
Foxit PDF und Foxit PhantomPDF (Win) 9.7.2+
Foxit PDF und Foxit PhantomPDF (Mac) 4.0+
SodaPDF v12+
Kofax (PowerPDF)
Master PDF Editor (Win): 5.7.08

Confirmed message receipt (no feedback regarding patch):

Master PDF Editor
Nitro
PDF-XChange
pdfforge GmbH PDF Architect

No feedback despite multiple contact attempts:

eXpert / ExpertReader
PDF Editor
PDFelement
Perfect

Security Evaluation: ISA, SWA, and USF Attacks (2019)

Desktop Viewer Applications

Important: You need to trust the certificate which is used to validate the signature; otherwise, the signature validation in the application will be shown as self-signed.

Legend:

- Application is vulnerable to the attack
- Application is not vulnerable to the attack
USF - Universal Signature Forgery CVE-2018-16042
ISA - Incremental Saving Attack CVE-2018-18688
SWA - Signature Wrapping Attack CVE-2018-18689

Windows

Application	Version	USF	ISA	SWA
Adobe Acrobat Reader DC	2018.011, 2019.008.20080	(PoC)
Adobe Reader XI	11.0.10, 11.0.23	(PoC)
eXpert PDF 12 Ultimate	12.0.20			(PoC)
Expert PDF Reader	9.0.180			(PoC)
Foxit Reader	9.1.0, 9.2.0.9297, 9.3.0.10826		(PoC)	(PoC)
LibreOffice (Draw)	6.0.6.2, 6.1.3.2		(conditional) (PoC)
Master PDF Editor	5.1.12, 5.1.68		(PoC)
Nitro Pro	11.0.3.173		(conditional) (PoC)	(PoC)
Nitro Reader	5.5.9.2		(conditional) (PoC)	(PoC)
Nuance Power PDF Standard	3.0.0.17, 3.0.0.30		(PoC)
PDF Architect 6	6.0.37, 6.1.24.1862			(PoC)
PDF Editor 6 Pro	6.4.2.3521	(conditional) (PoC)	(PoC)	(PoC)
PDF Experte 9 Ultimate	9.0.270			(PoC)
PDFelement6 Pro	6.8.0.3523, 6.8.4.3921	(conditional) (PoC)	(PoC)	(PoC)
PDF Studio Viewer 2018	2018.0.1, 2018.2.0		(PoC)	(PoC)
PDF Studio Pro	12.0.7		(PoC)	(PoC)
PDF-XChange Editor	7.0.326, 7.0.237.1			(PoC)
PDF-XChange Viewer	2.5			(PoC)
Perfect PDF 10 Premium	10.0.0.1		(PoC)	(PoC)
Perfect PDF Reader	13.0.3, 13.1.5		(PoC)	(PoC)
Soda PDF Desktop	10.2.09, 10.2.16.1217			(PoC)
Soda PDF	9.3.17			(PoC)

Linux

Application	Version	USF	ISA	SWA
Adobe Acrobat Reader DC	2018.011	(PoC)
Adobe Reader 9	9.5.5
Foxit Reader	9.1.0 , 9.2.0		(PoC)	(PoC)
LibreOffice (Draw)	6.0.3.2 , 6.1.3.2		(conditional) (PoC)
Master PDF Editor	5.1.12, 5.1.68		(PoC)
PDF Studio Viewer 2018	2018.0.1, 2018.2.0		(PoC)	(PoC)
PDF Studio Pro	12.0.7		(PoC)	(PoC)

macOS

Application	Version	USF	ISA	SWA
Adobe Acrobat Reader DC	2018.011,2019.008.20080	(PoC)
Adobe Reader XI	11.0.10, 11.0.23	(PoC)
Foxit Reader	9.1.0 , 9.2.0		(PoC)	(PoC)
LibreOffice (Draw)	6.1.0.3, 6.1.3.2		(conditional) (PoC)
Master PDF Editor	5.1.24, 5.1.68		(PoC)
PDF Editor 6 Pro	6.6.2.3315, 6.7.6.3399	(conditional) (PoC)	(PoC)	(PoC)
PDFelement6 Pro	6.7.1.3355, 6.7.6.3399	(conditional) (PoC)	(PoC)	(PoC)
PDF Studio Viewer 2018	2018.0.1, 2018.2.0		(PoC)	(PoC)
PDF Studio Pro	12.0.7		(PoC)	(PoC)

Download PoCs

You can get all Proof-of-Concept exploits in one tar.gz file via the following link.

Online Validation Services

Please note that we do not provide any exploit, due to the reason that the services are already fixed and thus it would not be possible to test the PoCs against any services.

Legend:

- Application is vulnerable to the attack
- Application is not vulnerable to the attack
USF - Universal Signature Forgery
ISA - Incremental Saving Attack
SWA - Signature Wrapping Attack
- It was not possible to evaluate this services, because we had no pdf document containing a signature which the service would trust.

Online Validation Service	Version	USF	ISA	SWA	Fixed
DocuSign	v1 REST API with PDFKit.NET 18.3.200.9768				not fixed yet
eTR Validation Service	v 2.0.3
DSS Demonstration WebApp	WebApp 5.2				not fixed yet
DSS Demonstration WebApp	WebApp 5.4
Evotrust	12.0.20				not fixed yet
VEP.si	2017-06-26
SiVa Sample Application	release-2.0.1	-	-	-	-

Responsible Disclosure

As part of our research, we started a responsible disclosure procedure after we identified 21 out of 22 desktop viewer applications vulnerable against at least one of our attacks.

In cooperation with the CERT-Bund, the national CERT section of BSI, we contacted all vendors, provided proof-of-concept exploits, and helped them to fix the issues, and three generic CVEs for each attack class were issued: CVE-2018-16042 (USF), CVE-2018-18688, CVE-2018-18689.