Adobe Reader 11.0.0 - Stack Overflow Crash (PoC)

EDB-ID:

22464

CVE:


Author:

coolkaveh

Type:

dos

Platform:

Windows

Published:

2012-11-04

Title    :  Adobe Reader 11.0.0 Stack overflow 
Version  :  11.0.0.379
Date     :  2012-11-01
Vendor   :  http://www.adobe.com/
Impact   :  Med
Contact  :  coolkaveh [at] rocketmail.com
Twitter  :  @coolkaveh
tested   :  Windows 7 X64 ENG
Author   :  coolkaveh
###########################################################################################################
Bug :
----
Don't forget that exploitable bugs will be published after being patched
----
Stack Exhaustion vulnerability during the handling of the pdf files.
That will trigger a denial of service condition
---- 
############################################################################################################
ADOBE_READLOGGER_CMD:PAUSE_LOG
ModLoad: 71770000 71799000   C:\Program Files (x86)\Adobe\Reader 11.0\Reader\BIBUtils.dll
(23ac.1cc8): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00acefa8 
ebx=004431a8 
ecx=0000001c 
edx=00000be7 
esi=00443094 
edi=00443130
eip=772a22a8 
esp=00443000 
ebp=0044300c iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
ntdll!RtlEnterCriticalSection+0x8:
772a22a8 56              push    esi
###########################################################################################################
Proof of concept included. 

http://www42.zippyshare.com/v/23669551/file.html
Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/22464.pdf