module

Adobe Reader for Android addJavascriptInterface Exploit

Try Surface Command
Back to search
Disclosed
2014-04-13
Created
2018-05-30

Description

Adobe Reader versions less than 11.2.0 exposes insecure native
interfaces to untrusted javascript in a PDF. This module embeds the browser
exploit from android/webview_addjavascriptinterface into a PDF to get a
command shell on vulnerable versions of Reader.

Authors

Yorick Koster
joev joev@metasploit.com

Platform

Android

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/android/fileformat/adobe_reader_pdf_js_interface
    msf exploit(adobe_reader_pdf_js_interface) > show targets
        ...targets...
    msf exploit(adobe_reader_pdf_js_interface) > set TARGET < target-id >
    msf exploit(adobe_reader_pdf_js_interface) > show options
        ...show and set options...
    msf exploit(adobe_reader_pdf_js_interface) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today