Acrobat exploit works on more versions than those listed

[a.nielsen at shikadi.net (Adam Nielsen)]

Hi all,

I just stumbled across Metasploit and it looks like an amazingly useful
tool.

I just tested the "Adobe Collab.getIcon() Buffer Overflow" exploit and
although it's only listed as supporting Acrobat v8.1.4 I successfully
got a remote shell out of Acrobat Reader v9.0.0 (under XP SP3), so I
thought you may want to update the version list.  I also tested in
Acrobat Professional v7.0 and although it ran very slowly the exploit
didn't work.

I'm not sure whether you want reports like this here (couldn't see any
in the archives) so please let me know if there's somewhere else I
should post instead (assuming you are interested!)

Although the exploit was listed as Windows-only, I also tested it under
Linux with Acrobat Reader v8.1.2 and it caused acroread to segfault, but
lacking any Linux payload I was unable to test further.  Not sure
whether this means it's viable under Linux as well.  If nothing else it
could cause irritation if all your open PDFs suddenly close :-)

Thanks again for such a great utility!

Cheers,
Adam.