CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To Adobe Acrobat

CVE-2007-5659  Adobe Collab.collectEmailInfo() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-2992  Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-2992  Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-658  Adobe JBIG2Decode Heap Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-658  Adobe JBIG2Decode Memory Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-927  Adobe Collab.getIcon() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-927  Adobe Collab.getIcon() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-2990  Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows,Linux
CVE-2009-3459  Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-3459  Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-3953  Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-4324  Adobe Doc.media.newPlayer Use After Free Vulnerability
This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-4324  Adobe Doc.media.newPlayer Use After Free Vulnerability
This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2010-1297  Adobe Flash Player &quot;newfunction&quot; Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Module type : exploit Rank : normal Platforms : Windows
CVE-2010-1297  Adobe Flash Player &quot;newfunction&quot; Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Module type : exploit Rank : normal Platforms : Windows
CVE-2010-2883  Adobe CoolType SING Table &quot;uniqueName&quot; Stack Buffer Overflow
This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
Module type : exploit Rank : great Platforms : Windows
CVE-2010-2883  Adobe CoolType SING Table &quot;uniqueName&quot; Stack Buffer Overflow
This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
Module type : exploit Rank : great Platforms : Windows
CVE-2010-3654  Adobe Flash Player &quot;Button&quot; Remote Code Execution
This module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Module type : exploit Rank : normal Platforms : Windows
CVE-2011-609  Adobe Flash Player AVM Bytecode Verification Vulnerability
This module exploits a vulnerability in Adobe Flash Player versions 10.2.152.33 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for the RSA attack in March 2011. Specifically, this issue results in uninitialized memory being referenced and later executed. Taking advantage of this issue relies on heap spraying and controlling the uninitialized memory. Currently this exploit works for IE6, IE7, and Firefox 3.6 and likely several other browsers. DEP does catch the exploit and causes it to fail. Due to the nature of the uninitialized memory its fairly difficult to get around this restriction.
Module type : exploit Rank : good Platforms : Windows
CVE-2011-611  Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and results arbitrary code execution. Please note for IE 8 targets, Java Runtime Environment must be available on the victim machine in order to work properly.
Module type : exploit Rank : normal Platforms : Windows

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 24   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.