Metasploit modules that can be used to exploit Foxitsoftware » Phantompdf
-
Foxit PDF Reader Pointer Overwrite UAF
Disclosure Date: 2018-04-20First seen: 2020-04-26exploit/windows/fileformat/foxit_reader_uafFoxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF. This module has been tested on Windows 7 x64, Windows 10 Pro x64 Build 17134, and Windows 10 Enterprise x64. Windows 10 Enterprise must have insecure logons enabled for the exploit to work as expected. Authors: - mr_me - bit from meepwn - saelo - Jacob Robles -
Foxit PDF Reader Pointer Overwrite UAF
Disclosure Date: 2018-04-20First seen: 2020-04-26exploit/windows/fileformat/foxit_reader_uafFoxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF. This module has been tested on Windows 7 x64, Windows 10 Pro x64 Build 17134, and Windows 10 Enterprise x64. Windows 10 Enterprise must have insecure logons enabled for the exploit to work as expected. Authors: - mr_me - bit from meepwn - saelo - Jacob Robles
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details