Metasploit mailing list archives
Re: new adobe exploit
From: Brian Milliron <antechrist () io com>
Date: Wed, 06 Jan 2010 21:10:19 -0600
Ok, I've tested the media_newplayer exploit on my test system, which has XPSP3 DEP using default settings, with the following versions of Adobe using the shell/reverse_tcp payload.

Reader 9.0.0 - works
Reader 8.1.1 - works
Reader 7.0.9 - crashes but no payload execution
Reader 6.0.1 - crashes but no payload execution

Not sure if this is useful at all, but when it crashed without executing the payload the error report shows a crash in multimedia.api at offset 0005e717. The contents of the registers are as follows:

EDI: 0x7ffda000
ESI: 0x0000000
EAX: 0x01840000
EBX: 0x0012da70
ECX: 0x00001000
EDX: 0x7c90e514
EIP: 0x7c90e514
EBP: 0x0012dae4
ESP: 0x0012da48

Maybe it is crashing before it can read the payload? I tried it with and without AV and the AV seems to have no effect.

One slightly glitchy thing I noticed. I would reboot the victim PC in between tests. Sometimes meterpreter would end the session gracefully and return me to my msf prompt, but sometimes it would just hang and have to be shut down.

Brian