#!/usr/bin/perl
# k`sOSe 02/22/2009
# http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.html
my $size = “\x40\x00”;
my $factor = “ABCD”;
my $data = “A” x 8314;
阅读全文 »
[UPDATE]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
by cocoruder([email protected])
http://ruder.cdut.net, updated on 2008.05.06
Summary:
A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user’s permission.
Affected Software Versions:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions
Details:
This vulnerablity due to the design error of the javascript fucntion “DOC.print()”, following are the annotates of the function in Adobe’s Javascript API Reference(named “js_api_reference.pdf”):
Tags: Adobe, Adobe Acrobat Reader, Adobe Reader, Advisory, Vulnerabilityby cocoruder([email protected])
http://ruder.cdut.net
Summary:
More than three local code execute vulnerabilities exist in Adobe Flash CS3 Professional while it is parsing FLA files. An attacker who successfully exploit these vulnerabilities can run arbitrary code on the affected system.
Affected Software Versions:
Adobe Flash CS3 Professional 9.0
阅读全文 »
来源:大能寺
poc有人已经公布了.利用方式基本上清一色的tftp,tftp利用起来有限制,防火墙的因素.那么简单说说另外一种利用方式–捆绑exe生成并执行.
首先这个漏洞可以执行任意命令.我没试过直接在mailto那里直接echo exe.貌似好写很多行&哦.这样太疯狂.
在PDF格式中第一行必须有%PDF-1.7%.这个跟jpg,gif没什么区别.如果没%pdf-1.7%,那么adobe reader提示是无效pdf.
关于PDF的详解情况,可以参见(http://www.adobe.com/devnet/pdf/pdf_reference.html).
这里牵涉到另外一个知识点.copy +b来合并文件.这样子合并一个exe和jpg,exe和jpg都能执行.
好,那写段脚本,vb 阅读全文 »
