Metasploit mailing list archives
Acrobat exploit works on more versions than those listed
From: a.nielsen at shikadi.net (Adam Nielsen)
Date: Thu, 23 Jul 2009 13:06:42 +1000
Hi all, I just stumbled across Metasploit and it looks like an amazingly useful tool. I just tested the "Adobe Collab.getIcon() Buffer Overflow" exploit and although it's only listed as supporting Acrobat v8.1.4 I successfully got a remote shell out of Acrobat Reader v9.0.0 (under XP SP3), so I thought you may want to update the version list. I also tested in Acrobat Professional v7.0 and although it ran very slowly the exploit didn't work. I'm not sure whether you want reports like this here (couldn't see any in the archives) so please let me know if there's somewhere else I should post instead (assuming you are interested!) Although the exploit was listed as Windows-only, I also tested it under Linux with Acrobat Reader v8.1.2 and it caused acroread to segfault, but lacking any Linux payload I was unable to test further. Not sure whether this means it's viable under Linux as well. If nothing else it could cause irritation if all your open PDFs suddenly close :-) Thanks again for such a great utility! Cheers, Adam.
Current thread:
- Acrobat exploit works on more versions than those listed Adam Nielsen (Jul 22)