Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption

EDB-ID:

8595

Author:

Abysssec

Type:

local

Platform:

Windows

Published:

2009-05-04

Affected Version   : Acrobat Reader 8.1.2 - 9.0
Vendor  Patch      : http://www.adobe.com/support/security/bulletins/apsb09-04.html
Tested   On        : XP SP2 / SP3

from ZDI :  http://www.zerodayinitiative.com/advisories/ZDI-09-014/

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations
of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a
malicious web site or open a malicious file.The specific flaw exists when processing malicious
JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon()
method of a Collab object, proper bounds checking is not performed resulting in a stack overflow.
If successfully exploited full control of the affected machine running under the credentials of the
currently logged in user can be achieved.

This vulnerability was discovered by:

Tenable Network Security (there is a man named Nicolas Pouvesle and we know == > he has lots of exploitation method  ; ))

Exploit By :  www.Abysssec.com

note : this exploit is just for educational purpose so shellcode will execute calc if you want other shellcode change shellcode .

Exploit Link : http://abysssec.com/Adobe.Collab.getIcon().pdf
Mirror  Link : https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/8595.pdf (2009-Adobe.Collab.getIcon.pdf)

# milw0rm.com [2009-05-04]