Critical System Protection

In Adobe Reader Buffer Overflow Exploitation and Prevention part-i, I explained how to exploit Adobe Reader Buffer Overflow vulnerability in windows. In this part i will show you how to prevent Adobe Reader Buffer Overflow vulnerability with Symantec Critical System Protection (SCSP).

 

 

1) I logged into my SCSP Server. Click on Prevention Tab -->  Policies.

 

2) I create one policy named Adobe Buffer Overflow Prevention to prevent Adobe Buffer Overflow Vulnerability in Windows.

 

    

 

3) Right Click on Policy and Click Apply policy

 

    

 

4) Select Agent and Click on Next. Now I am Appling a Prevention Policy on Our target machine.

 

    

 

5) SCSP Prevention is enabled on Windows XP machine.

 

    

 

6) Listner is already running on attaker's machine.

 

    

 

7) Our Victim tries to open the file Again. 

 

    

 

8) But this time SCSP blocks the exploit to execute and didn't give shell to the attacker machine. Attacker will not get meterpreter shell even victim Opens the same file again