CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To Adobe Acrobat Reader

CVE-2007-5659  Adobe Collab.collectEmailInfo() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-2992  Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-2992  Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-658  Adobe JBIG2Decode Heap Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-658  Adobe JBIG2Decode Memory Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-927  Adobe Collab.getIcon() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-927  Adobe Collab.getIcon() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-2990  Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows,Linux
CVE-2009-3459  Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-3459  Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-3953  Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-4324  Adobe Doc.media.newPlayer Use After Free Vulnerability
This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-4324  Adobe Doc.media.newPlayer Use After Free Vulnerability
This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Module type : exploit Rank : good Platforms : Windows
CVE-2010-188  Adobe Acrobat Bundled LibTIFF Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions 8.0 through 8.2 and 9.0 through 9.3.
Module type : exploit Rank : good Platforms : Windows
CVE-2010-1240  Adobe PDF Embedded EXE Social Engineering
This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.
Module type : exploit Rank : excellent Platforms : Windows
CVE-2010-1240  Adobe PDF Escape EXE Social Engineering (No JavaScript)
This module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack.
Module type : exploit Rank : excellent Platforms : Windows
CVE-2010-1297  Adobe Flash Player &quot;newfunction&quot; Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a hardcoded syscall number.
Module type : exploit Rank : normal Platforms : Windows
CVE-2010-1297  Adobe Flash Player &quot;newfunction&quot; Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
Module type : exploit Rank : normal Platforms : Windows
CVE-2010-2883  Adobe CoolType SING Table &quot;uniqueName&quot; Stack Buffer Overflow
This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
Module type : exploit Rank : great Platforms : Windows
CVE-2010-2883  Adobe CoolType SING Table &quot;uniqueName&quot; Stack Buffer Overflow
This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
Module type : exploit Rank : great Platforms : Windows

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 27   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.