• Adobe Reader U3D Memory Corruption Vulnerability
    Disclosure Date: 2011-12-06
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_reader_u3d
    This module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled. Authors: - Felipe Andres Manzano - sinn3r <sinn3r@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com> - jduck <jduck@metasploit.com>
  • Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
    Disclosure Date: 2010-09-07
    First seen: 2020-04-26
    exploit/windows/browser/adobe_cooltype_sing
    This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well. Authors: - Unknown - sn0wfl0w - jduck <jduck@metasploit.com>
  • Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
    Disclosure Date: 2010-09-07
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_cooltype_sing
    This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well. Authors: - Unknown - sn0wfl0w - jduck <jduck@metasploit.com>
  • Adobe Flash Player "newfunction" Invalid Pointer Use
    Disclosure Date: 2010-06-04
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flashplayer_newfunction
    This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com>
  • Adobe Flash Player "newfunction" Invalid Pointer Use
    Disclosure Date: 2010-06-04
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_flashplayer_newfunction
    This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number. Authors: - Unknown - jduck <jduck@metasploit.com>
  • Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
    Disclosure Date: 2009-10-13
    First seen: 2020-04-26
    exploit/multi/fileformat/adobe_u3d_meshcont
    This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
    Disclosure Date: 2009-10-13
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_u3d_meshdecl
    This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code. Authors: - Felipe Andres Manzano <felipe.andres.manzano@gmail.com> - jduck <jduck@metasploit.com>
  • Adobe FlateDecode Stream Predictor 02 Integer Overflow
    Disclosure Date: 2009-10-08
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flatedecode_predictor02
    This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com> - jabra
  • Adobe FlateDecode Stream Predictor 02 Integer Overflow
    Disclosure Date: 2009-10-08
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_flatedecode_predictor02
    This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2. Authors: - unknown - jduck <jduck@metasploit.com>
  • Adobe JBIG2Decode Memory Corruption
    Disclosure Date: 2009-02-19
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_jbig2decode
    This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
  • Adobe JBIG2Decode Heap Corruption
    Disclosure Date: 2009-02-19
    First seen: 2020-04-26
    exploit/windows/browser/adobe_jbig2decode
    This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray. Authors: - natron <natron@metasploit.com> - xort - redsand - MC <mc@metasploit.com> - Didier Stevens <didier.stevens@gmail.com>
11 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!