Metasploit mailing list archives

Re: new adobe exploit


From: Brian Milliron <antechrist () io com>
Date: Wed, 06 Jan 2010 21:10:19 -0600

Ok, I've tested the media_newplayer exploit on my test system which has
XPSP3 DEP using default settings with the following versions of Adobe
using the shell/reverse_tcp payload.
Reader 9.0.0 - works
Reader 8.1.1 - works
Reader 7.0.9 - crashes but no payload execution
Reader 6.0.1 - crashes but no payload execution

Not sure if this is useful at all, but when it crashed without executing
the payload the error report shows a crash in multimedia.api at offset
0005e717.  The contents of the registers are as follows:
EDI: 0x7ffda000  ESI: 0x0000000  EAX: 0x01840000  EBX: 0x0012da70
ECX: 0x00001000  EDX: 0x7c90e514  EIP: 0x7c90e514  EBP: 0x0012dae4
ESP: 0x0012da48
Maybe it is crashing before it can read the payload?

I tried it with and without AV and the AV seems to have no effect.
One slightly glitchy thing I noticed.  I would reboot the victim PC
in between tests.  Sometimes meterpreter would end the session gracefully
and return me to my msf prompt, but sometimes it would just hang and
have to be shut down.

Brian
