Zero day PDF exploit for Adobe Acrobat 's

2017年4月14日17:33:33评论312 views字数 644阅读2分8秒阅读模式

摘要

来源：Ph4nt0m Google GroupLink to exploit:Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

来源：Ph4nt0m Google Group

Link to exploit:

Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf

Description:

0-day proof of concept (PoC) exploit for Adobe Acrobat.

Software affected:

+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D

System affected:

+ Windows XP with IE7

Details:

To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)

This is URL handling bug in shell32!ShellExecute()

Workaround:

Currently unavailable.

Thanks to:

pdp (at) gnucitizen.org for his investigation

regards,
cyanid-E <biz4rre[at]gmail.com>

Discuz! 5.0.0 GBK SQL injection / admin credentials disclosure exploit