Metasploit modules that can be used to exploit Adobe products
-
Adobe Flash Player "newfunction" Invalid Pointer Use
Disclosure Date: 2010-06-04First seen: 2020-04-26exploit/windows/browser/adobe_flashplayer_newfunctionThis module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com> -
Adobe Flash Player "newfunction" Invalid Pointer Use
Disclosure Date: 2010-06-04First seen: 2020-04-26exploit/windows/fileformat/adobe_flashplayer_newfunctionThis module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com> -
Adobe PDF Escape EXE Social Engineering (No JavaScript)
Disclosure Date: 2010-03-29First seen: 2020-04-26exploit/windows/fileformat/adobe_pdf_embedded_exe_nojsThis module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack. Authors: - Jeremy Conway <jeremy@sudosecure.net> -
Adobe PDF Embedded EXE Social Engineering
Disclosure Date: 2010-03-29First seen: 2020-04-26exploit/windows/fileformat/adobe_pdf_embedded_exeThis module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack. Authors: - Colin Ames <amesc@attackresearch.com> - jduck <jduck@metasploit.com> -
Adobe Acrobat Bundled LibTIFF Integer Overflow
Disclosure Date: 2010-02-16First seen: 2020-04-26exploit/windows/fileformat/adobe_libtiffThis module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions 8.0 through 8.2 and 9.0 through 9.3. Authors: - Microsoft - villy <villys777@gmail.com> - jduck <jduck@metasploit.com> -
Adobe Doc.media.newPlayer Use After Free Vulnerability
Disclosure Date: 2009-12-14First seen: 2020-04-26exploit/windows/fileformat/adobe_media_newplayerThis module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2. Authors: - unknown - hdm <x@hdm.io> - pusscat <pusscat@metasploit.com> - jduck <jduck@metasploit.com> -
Adobe Doc.media.newPlayer Use After Free Vulnerability
Disclosure Date: 2009-12-14First seen: 2020-04-26exploit/windows/browser/adobe_media_newplayerThis module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2. Authors: - unknown - hdm <x@hdm.io> - pusscat <pusscat@metasploit.com> - jduck <jduck@metasploit.com> - jabra -
Adobe Illustrator CS4 v14.0.0
Disclosure Date: 2009-12-03First seen: 2020-04-26exploit/windows/fileformat/adobe_illustrator_v14_epsAdobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit Authors: - pyrokinesis - dookie -
Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
Disclosure Date: 2009-10-13First seen: 2020-04-26exploit/windows/fileformat/adobe_u3d_meshdeclThis module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com> -
Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
Disclosure Date: 2009-10-13First seen: 2020-04-26exploit/multi/fileformat/adobe_u3d_meshcontThis module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com> -
Adobe FlateDecode Stream Predictor 02 Integer Overflow
Disclosure Date: 2009-10-08First seen: 2020-04-26exploit/windows/fileformat/adobe_flatedecode_predictor02This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com> -
Adobe FlateDecode Stream Predictor 02 Integer Overflow
Disclosure Date: 2009-10-08First seen: 2020-04-26exploit/windows/browser/adobe_flatedecode_predictor02This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com> - jabra -
Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
Disclosure Date: 2009-09-23First seen: 2020-04-26exploit/windows/http/adobe_robohelper_authbypassThis module exploits an authentication bypass vulnerability which allows remote attackers to upload and execute arbitrary code. Authors: - MC <mc@metasploit.com> -
Adobe Collab.getIcon() Buffer Overflow
Disclosure Date: 2009-03-24First seen: 2020-04-26exploit/windows/browser/adobe_geticonThis module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> - jduck <jduck@metasploit.com> -
Adobe Collab.getIcon() Buffer Overflow
Disclosure Date: 2009-03-24First seen: 2020-04-26exploit/windows/fileformat/adobe_geticonThis module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.1, < 8.1.3, and < 9.1. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> - jduck <jduck@metasploit.com> -
Adobe JBIG2Decode Memory Corruption
Disclosure Date: 2009-02-19First seen: 2020-04-26exploit/windows/fileformat/adobe_jbig2decodeThis module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> -
Adobe JBIG2Decode Heap Corruption
Disclosure Date: 2009-02-19First seen: 2020-04-26exploit/windows/browser/adobe_jbig2decodeThis module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> -
Adobe Flash Player ActionScript Launch Command Execution Vulnerability
Disclosure Date: 2008-12-17First seen: 2020-04-26exploit/linux/browser/adobe_flashplayer_aslaunchThis module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36). Authors: - 0a29406d9794e4f9b30b3c5d6702c708 -
Adobe util.printf() Buffer Overflow
Disclosure Date: 2008-02-08First seen: 2020-04-26exploit/windows/fileformat/adobe_utilprintfThis module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com> -
Adobe util.printf() Buffer Overflow
Disclosure Date: 2008-02-08First seen: 2020-04-26exploit/windows/browser/adobe_utilprintfThis module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details