Metasploit mailing list archives

Re: Excel with VBA and adobe_pdf_embedded_exe_nojs


From: Jeremy <jeremy () sudosecure net>
Date: Fri, 17 Sep 2010 13:50:18 -0500

Hey Richard:

Can you send me the PDF created by adobe_pdf_embedded_exe_nojs?  I can
troubleshoot it to see if I see anything wrong with it.  I know both
Foxit and Adobe patched this in their latest releases but I was not
aware of Foxit stripping out and/or ignoring the parameters option,
but this may be so which would explain why only the cmd.exe shell is
displaying.  If you'll send your PDF to me I will test, or when I get
a few minutes I will try to recreate your issue to see if I can
recreate it.

As far as the other questions, I will leave that up to the gurus, as I
don't know that I can be of any help there.  Sorry about that.

--jeremy

On Fri, Sep 17, 2010 at 4:25 AM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi

I'm testing and learning the client side attacks...

I created a .vba payload that is windows/exec that just calls calc.exe,
I'm using Office 2007. I created a macro and copied the script; if I
click on "run" the calc.exe appears, if I save (.xlsm) and open it
there is a box telling that macros are disabled by default, it's very
bad. But just to test I enabled it. But even after enabling it the calc
does not open again, but if I go to the macro editor again and click on
"run" it works. Am I doing something wrong? Is it not exploitable anymore?

I also tested adobe_pdf_embedded_exe_nojs with windows/exec that just
calls calc.exe. I use Foxit Reader; the weird thing is that it always opens
cmd.exe, ignoring the param that I sent to windows/exec. Strange. Am I
doing something wrong? Is it not exploitable anymore?

Thanks
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
