#!/usr/bin/perl
#
# Foxit Reader 3.0 (<= Build 1301) PDF Buffer Overflow Exploit
# ------------------------------------------------------------
# Exploit by SkD ([email protected])
#
# A SEH overflow occurs in this vulnerability in the popular
# Foxit Reader. The latest build (1506) is not affected but
# previous are. SafeSEH is a bitch in this one, but nothing
# is impossible :).
#
# Exploit written for Windows XP SP3.
#
# Credits to CORE Sec.
#
# Note: Author is not responsible for any damage done with this.
Read more »
Tags: Exploit, Foxit Reader, PDF
causes an exception at 41414141
http://milw0rm.com/sploits/2009-41414141.pdf
# milw0rm.com [2009-02-23]
Tags: PDF, PoC
Source: alert7
The one below is the old one.
http://insecureweb.com/%20/newish-web-based-pdf-attack-in-the-wild-with-real-exploit-code/
The new PDF 0day is here:
http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.html
Read more »
Tags: 0day, PDF
Source: 大能寺
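Someone has already published a PoC. The exploitation methods are almost uniformly TFTP-based, and TFTP has limitations in practice because of firewalls. So let me briefly describe another exploitation method: bundling an exe, then generating and executing it.
First, this vulnerability can execute arbitrary commands. I have not tried echoing the exe directly in the mailto part. It looks like that would mean writing a lot of lines with &. That would be too crazy.
In the PDF format the first line must contain %PDF-1.7%. This is no different from jpg or gif. Without %pdf-1.7%, Adobe Reader reports that the PDF is invalid.
For a detailed description of PDF, see (http://www.adobe.com/devnet/pdf/pdf_reference.html).
This involves another piece of knowledge: using copy +b to merge files. When an exe and a jpg are merged this way, both the exe and the jpg can be executed.
OK, then let's write a script, vb Read more »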
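Tags: Adobe, Adobe Reader, PDF
Author: zwell
Source: NOSEC
Right-click and save the test document, then open it; otherwise it will be opened with the IE plug-in and the test will fail. If you insist on opening it by clicking, click here, hehe; that in itself is also an IE parsing vulnerability.
When I saw this vulnerability at http://seclists.org/fulldisclosure/2007/Oct/0068.html, I could not think of how to exploit it at first. Later, combined with an issue from last year about the security risks of PDF actions (see http://michaeldaw.org/md-hacks/backdooring-pdf-files/ Read more »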
Tags: PDF
Source: Ph4nt0m Google Group
Link to exploit:
Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):
http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf
Description:
0-day proof of concept (PoC) exploit for Adobe Acrobat.
Software affected:
+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Read more »
Tags: Adobe Acrobat Reader, PDF