Upload

Adobe reader vulnerability demo [Anatomy of an Attack online]

SophosLabs SophosLabs·244 videos
6,619

Subscription preferences

Loading...
Working...
10,194
Like     Dislike 0

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like SophosLabs's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike SophosLabs's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add SophosLabs's video to your playlist.

Published on Jun 19, 2012

Here's a demo on how a vulnerability in Adobe Reader allowed random content to be downloaded from the internet.
Find a live Anatomy of an Attack event near you: http://bit.ly/LxLwm4

The interactive transcript could not be loaded.
Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

All Comments (8)

Sign in now to post a comment!
  • MrPhilippos96

    MrPhilippos96 10 months ago

    @S3b1Videos It didn't warn the user because the malware is digitally signed(certificated).

    @SamKeupoN Yes,the buffer overflow itself is caused by a strcat API call on a

    "custom"-size stack variable

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate MrPhilippos96's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate MrPhilippos96's comment.
  • SamKeupoN

    SamKeupoN 11 months ago

    My guess is that it uses a buffer overflow allowing code injection. The download is actually done by the injected code.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate SamKeupoN's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate SamKeupoN's comment.
  • TheHouseOfWaffles

    TheHouseOfWaffles 11 months ago

    Why would Adobe Reader download another file when it crashes, and how would it know to where to get it? If a PDF file is corrupt or not an actual PDF at all, shouldn't Adobe Reader simply say, "This is not a PDF file, so I can't open it," then do nothing else? As far as I know, Adobe Reader isn't one those applications which take a plain-text-based malicious script file masquerading as something else like a JPEG, determine it's a script file and not the supposed file type, then runs the script.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate TheHouseOfWaffles's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate TheHouseOfWaffles's comment.
  • notta3d

    notta3d 11 months ago

    Damn Leadbetter!

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate notta3d's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate notta3d's comment.
  • S3b1Videos

    S3b1Videos 11 months ago

    But how did the exploit creator calculate the return adress if ASLR is enabled? Why Windows didn't warn the user of an stack execution or an overwritten variable?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate S3b1Videos's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate S3b1Videos's comment.
  • mp3talon

    mp3talon 1 year ago

    i think he is canadian

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate mp3talon's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate mp3talon's comment.
    in reply to pilebaina (Show the comment)
  • pilebaina

    pilebaina 1 year ago

    Ok we have an American here...

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate pilebaina's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate pilebaina's comment.
  • Loading comment...
Loading...
Loading...
Working...
Sign in to add this to Watch Later