• Adobe Reader ToolButton Use After Free
    Disclosure Date: 2013-08-08
    First seen: 2020-04-26
    exploit/windows/browser/adobe_toolbutton
    This module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This module has been tested successfully on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild in November, 2013. At the moment, this module doesn't support Adobe Reader 9 targets; in order to exploit Adobe Reader 9 the fileformat version of the exploit can be used. Authors: - Soroush Dalili - Unknown - sinn3r <sinn3r@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Reader ToolButton Use After Free
    Disclosure Date: 2013-08-08
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_toolbutton
    This module exploits a use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This module has been tested successfully on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild in November, 2013. Authors: - Soroush Dalili - Unknown - sinn3r <sinn3r@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com>
  • AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
    Disclosure Date: 2013-05-14
    First seen: 2020-04-26
    exploit/windows/local/adobe_sandbox_adobecollabsync
    This module exploits a vulnerability on Adobe Reader X Sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write register values which can be used to trigger a buffer overflow on the AdobeCollabSync component, allowing to achieve Medium Integrity Level privileges from a Low Integrity AcroRd32.exe process. This module has been tested successfully on Adobe Reader X 10.1.4 over Windows 7 SP1. Authors: - Felipe Andres Manzano - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Reader U3D Memory Corruption Vulnerability
    Disclosure Date: 2011-12-06
    First seen: 2020-04-26
    exploit/windows/fileformat/adobe_reader_u3d
    This module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled. Authors: - Felipe Andres Manzano - sinn3r <sinn3r@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com> - jduck <jduck@metasploit.com>
  • Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
    Disclosure Date: 2011-04-11
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flashplayer_flash10o
    This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and results arbitrary code execution. Please note for IE 8 targets, Java Runtime Environment must be available on the victim machine in order to work properly. Authors: - sinn3r <sinn3r@metasploit.com>
  • Adobe Flash Player AVM Bytecode Verification Vulnerability
    Disclosure Date: 2011-03-15
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flashplayer_avm
    This module exploits a vulnerability in Adobe Flash Player versions 10.2.152.33 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for the RSA attack in March 2011. Specifically, this issue results in uninitialized memory being referenced and later executed. Taking advantage of this issue relies on heap spraying and controlling the uninitialized memory. Currently this exploit works for IE6, IE7, and Firefox 3.6 and likely several other browsers. DEP does catch the exploit and causes it to fail. Due to the nature of the uninitialized memory its fairly difficult to get around this restriction. Authors: - bannedit <bannedit@metasploit.com> - Unknown
6 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!