This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.4. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
d4a91c898b2b649b678e2e14b004ed1827360112073820eebd1bb1198e2c3e7aAdobe Reader Collab.getIcon() buffer overflow exploit.
4c864bafa7d7369b396207fd655fe2e4ab8cbd7010dcb62abe900dec15e17645Gentoo Linux Security Advisory GLSA 200904-17 - Adobe Reader is vulnerable to execution of arbitrary code. Versions less than 8.1.4 are affected.
82943914ab791c70a4e7ab66d9e6b9500c51f22b7c584169a076dca5843766d1Zero Day Initiative Advisory 09-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. If successfully exploited full control of the affected machine running under the credentials of the currently logged in user can be achieved.
3966eb32a4b46860d3fd3a7759decd3530e5798e73e8cc0daf08deac574462a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed