===================================================== # Adobe Reader 9.3.0 - DLL Hijacking ===================================================== # Vendor Homepage: https://www.adobe.com/ # Date: 24 Oct 2016 # Version : 9.3.0 # Author: Ashiyane Digital Security Team # Contact: hehsan979@gmail.com ===================================================== # PoC: 1. Create a malicious dll file with name "AcroRd32.dll" and save it in "C:\Program Files\Adobe\Reader 9.0\Reader" directory. 2. Execute "AcroRd32.exe" from "C:\Program Files\Adobe\Reader 9.0\Reader" directory. 3. Malicious dll file gets executed. ===================================================== # Discovered By : Ehsan Hosseini =====================================================