Web2Secure: Web Security Blog

We are non-funded group of security enthusiast who contributes and updates to community with latest security treats. Use and handle whatever links shared within website could be harmful to your systems with own risks. Feel free to use the contents for commercial or non-commercial purposes. We're very appreciating if using our useful information’s to your website by referring back to this original website. Donation or clicking on ads is most welcome to continue maintains costs for this website.

Monday, May 4, 2009

Adobe Reader Exploits PoC-Updated

Milw0rm released three Adobe Reader exploits in their website. One of the exploit was considered as Critical according to Adobe [http://www.adobe.com/support/security/bulletins/apsb09-04.html], another exploit PoC was tested on Ubuntu platform and lastly was PDF remote exploit target on customDictionaryOpen() function.

Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit

Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit
Exploit pdf reader by spray the large buffer into the Collab.getIcon () function.

PoC can be obtained from http://milw0rm.com/sploits/2009-Adobe.Collab.getIcon.pdf

Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit

Prevention Steps:
- http://www.web2secure.com/2009/04/preventing-from-pdf-exploit-in-acrobat.html

Reference:
http://www.milw0rm.com/exploits/8595
http://www.milw0rm.com/exploits/8569

Web2Secure: Web Security Blog

Pages

Monday, May 4, 2009

Adobe Reader Exploits PoC-Updated

0 comments: