Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x prior to 9.4, and 8.x prior to 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Vendor | Product | Versions |
---|---|---|
Adobe | Acrobat | 8.0, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2, 8.2.1, 8.2.2, 8.2.4, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4 |
Adobe | Acrobat Reader | 8.0, 8.1, 8.1.1, 8.1.2, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 9.0, 9.1, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4 |
This module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
msf > use exploit/windows/browser/adobe_cooltype_sing
msf exploit(adobe_cooltype_sing) > show targets
...targets...
msf exploit(adobe_cooltype_sing) > set TARGET <target-id>
msf exploit(adobe_cooltype_sing) > show options
...show and set options...
msf exploit(adobe_cooltype_sing) > exploit
This module exploits a vulnerability in the Smart INdependent Glyphlets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior versions are assumed to be vulnerable as well.
msf > use exploit/windows/fileformat/adobe_cooltype_sing
msf exploit(adobe_cooltype_sing) > show targets
...targets...
msf exploit(adobe_cooltype_sing) > set TARGET <target-id>
msf exploit(adobe_cooltype_sing) > show options
...show and set options...
msf exploit(adobe_cooltype_sing) > exploit
myblog My blog: CVE-2010-2883
Reproductions of various CVEs, some including fuzzer samples.
CVE Here are resources for some vulnerabilities I have reproduced; feel free to download them. The reproduction process for each vulnerability is on my blog or on CSDN. Discussion is welcome.
ROP Collection A collection of ROP exploits and programs from the "Static Analysis of ROP Code" paper (EuroSec '19) This repository (we are working behind the scenes, please bear with us) aims at providing for each hosted ROP payload detailed information on the vulnerable application or vector and the characteristics of the chain, including: reference links for
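articles Personal blog. My day job is malware analysis; time is limited, so I record the research I do out of personal interest. Fuzzing series: Building a fuzzer based on protobuf (libpng); opessl fuzzing test learning process. pwn: DynELF leak function causing stack imbalance; Linux x64 pwn study. Malware analysis: Notes on handling static configuration decryption under a nasty obfuscation. Vulnerability analysis: tcpdump 451 crash in-depth analysis; CoolPlayer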
Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation”, likely named for the debug string present in much of the “Elise” codebase since at least 2012: “d:\lstudio\projects\lotus\…”.
The group’s capabilities are more than the much discussed CVE...
Kaspersky Lab presents its malware rankings for October.
Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double ...
UPDATE: After announcing that it was accelerating a critical patch of its Reader program last week, Adobe pushed out a large patch on Tuesday, fixing 23 separate vulnerabilities in its Reader and Acrobat applications.
The huge quarterly security update included company-issued Security Bulletin APSB10-21, patching Adobe Reader up to and including Version 9.3.4 for Windows, Mac and UNIX, and Acrobat 9.3.4 for Windows and Macintosh. The patches had originally been scheduled for Oc...
Adobe is moving up the release date for the patch for the critical bug in Reader and Acrobat and will now push the fix out on Oct. 5 instead of the following week. The flaw was disclosed last month and has been the target of attacks for several weeks now.
The company said on Thursday that it has moved the patch release up by a week and as a result, Adobe won’t be releasing any other patches for Reader or Acrobat on its regularly scheduled release day of Oct. 12.
“Ado...
Attackers are using a previously unknown exploitation technique that bypasses both ASLR and DEP to exploit the unpatched Adobe Reader bug that Adobe warned users about on Wednesday. The exploit works on machines running either Windows Vista or Windows 7 and is also dropping a file on compromised machines that is signed using a stolen, valid digital certificate.
Adobe published an advisory about the new Reader bug on Wednesday, but was stingy with the details, saying only that i...
Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild.
Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.
Here’s Adobe’s warning:
A critical vul...