Metasploit modules that can be used to exploit Adobe products

Order by Disclosure Date Module Name Module Type
  • Adobe Flash Player "newfunction" Invalid Pointer Use
    Disclosure Date: 2010-06-04
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flashplayer_newfunction
    This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com>
  • Adobe Flash Player "newfunction" Invalid Pointer Use
    Disclosure Date: 2010-06-04
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_flashplayer_newfunction
    This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com>
  • Adobe PDF Escape EXE Social Engineering (No JavaScript)
    Disclosure Date: 2010-03-29
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs
    This module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack. Authors: - Jeremy Conway <jeremy@sudosecure.net>
  • Adobe PDF Embedded EXE Social Engineering
    Disclosure Date: 2010-03-29
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_pdf_embedded_exe
    This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack. Authors: - Colin Ames <amesc@attackresearch.com> - jduck <jduck@metasploit.com>
  • Adobe Acrobat Bundled LibTIFF Integer Overflow
    Disclosure Date: 2010-02-16
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_libtiff
    This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions 8.0 through 8.2 and 9.0 through 9.3. Authors: - Microsoft - villy <villys777@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe Doc.media.newPlayer Use After Free Vulnerability
    Disclosure Date: 2009-12-14
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_media_newplayer
    This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2. Authors: - unknown - hdm <x@hdm.io> - pusscat <pusscat@metasploit.com> - jduck <jduck@metasploit.com>
  • Adobe Doc.media.newPlayer Use After Free Vulnerability
    Disclosure Date: 2009-12-14
    First seen: 2020-04-26
    exploit/windows/browser/adobe_media_newplayer
    This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2. Authors: - unknown - hdm <x@hdm.io> - pusscat <pusscat@metasploit.com> - jduck <jduck@metasploit.com> - jabra
  • Adobe Illustrator CS4 v14.0.0
    Disclosure Date: 2009-12-03
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_illustrator_v14_eps
    Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit Authors: - pyrokinesis - dookie
  • Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
    Disclosure Date: 2009-10-13
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_u3d_meshdecl
    This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
    Disclosure Date: 2009-10-13
    First seen: 2020-04-26
    exploit/multi/fileformat/adobe_u3d_meshcont
    This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe FlateDecode Stream Predictor 02 Integer Overflow
    Disclosure Date: 2009-10-08
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_flatedecode_predictor02
    This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com>
  • Adobe FlateDecode Stream Predictor 02 Integer Overflow
    Disclosure Date: 2009-10-08
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flatedecode_predictor02
    This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com> - jabra
  • Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
    Disclosure Date: 2009-09-23
    First seen: 2020-04-26
    exploit/windows/http/adobe_robohelper_authbypass
    This module exploits an authentication bypass vulnerability which allows remote attackers to upload and execute arbitrary code. Authors: - MC <mc@metasploit.com>
  • Adobe Collab.getIcon() Buffer Overflow
    Disclosure Date: 2009-03-24
    First seen: 2020-04-26
    exploit/windows/browser/adobe_geticon
    This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe Collab.getIcon() Buffer Overflow
    Disclosure Date: 2009-03-24
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_geticon
    This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe JBIG2Decode Memory Corruption
    Disclosure Date: 2009-02-19
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_jbig2decode
    This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
  • Adobe JBIG2Decode Heap Corruption
    Disclosure Date: 2009-02-19
    First seen: 2020-04-26
    exploit/windows/browser/adobe_jbig2decode
    This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
  • Adobe Flash Player ActionScript Launch Command Execution Vulnerability
    Disclosure Date: 2008-12-17
    First seen: 2020-04-26
    exploit/linux/browser/adobe_flashplayer_aslaunch
    This module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36). Authors: - 0a29406d9794e4f9b30b3c5d6702c708
  • Adobe util.printf() Buffer Overflow
    Disclosure Date: 2008-02-08
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_utilprintf
    This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
  • Adobe util.printf() Buffer Overflow
    Disclosure Date: 2008-02-08
    First seen: 2020-04-26
    exploit/windows/browser/adobe_utilprintf
    This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
60 metasploit modules found
1 2 3
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close