Skip to content
cyberexploits
localwindowstext

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass

Published on 2013-11-28

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/windows/local/29881.txt7eac4c3a
raw
CVE-2013-0640/1

Somehow, our script got on to the Russian forums :/



@w3bd3vil and @abh1sek



Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29881.tar.gz



Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS

=================================================================



Supported Adobe Reader Versions:



* 11.0.1

* 11.0.0



* 10.1.5

* 10.1.4

* 10.1.3

* 10.1.2

* 10.1



* 9.5



Tested on:



* Windows 7 (32 bit)

* Windows 7 (64 bit)

* Windows XP



Script Requirements:



* Run on Windows :-)

* Ruby 1.9.x (http://rubyforge.org/frs/download.php/76752/rubyinstaller-1.9.3-p385.exe)

* Gems: origami, metasm (In command prompt type, gem install metasm && gem install origami -v "=1.2.5")



FYI:

a. It's a rip, of the original exploit.

b. Works most of the times.

c. We never really got into completing our script options though.



ruby xfa_MAGIC.rb -h

Usage: xfa_MAGIC.rb [options]

    -i, --input [FILE]               Input PDF. If provided, exploit will be injected into it (optional)

    -p, --payload [FILE]             PE executable to embed in the payload

        --low-mem                    Use Heap spray suitable for low memory environment

    -o, --output [FILE]              File path to write output PDF

    -h, --help                       Show help

(Some commands are not supported at the moment)



ruby xfa_MAGIC.rb -p example.exe -o poc.pdf
View on GitHub