Exploits

CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0

After the Jailbreakme PDF vulnerability explanation I'm gonna publish the proof of concept of the same vulnerability for Foxit Reader. This is a patched vuln for this product so I suppose there will be no problem with that. Like I said, we can use a 116-bytes shellcode without the necessity of another exploiting stage, so I've modified this calc.exe shellcode for this PoC.

This exploit generates a PDF file which can be used against Foxit Reader in Windows XP and Windows Vista.  This is functional only for the latest versions of Foxit Reader but it's very easy to modify it for other ones (there is an example in the exploit for the 3.0). You can find the python script in the Exploits section or directly here. Enjoy it!! ;)

Exploits

foxit40_type2.py
Vulnerability: FreeType Compact Font Format (CFF) Stack Based Buffer Overflow [CVE-2010-1797] [BID-42241]
Affected product: Foxit Reader <= 4.0
Platform: Windows XP, Windows Vista
Type: Code execution
Publication date: 2010-08-23

opal228_dos.py
Vulnerability: OPAL SIP Protocol Remote Denial of Service [CVE-2007-04924] [BID-25955] [S21sec-037]
Affected product: OPAL <= 2.2.8 (also the applications which use this library, for example Ekiga <= 2.0.9)
Platform: Any
Type: Remote Denial of Service
Distribuir contenido