Adobe Collab.collectEmailInfo() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.
Module Name
exploit/windows/fileformat/adobe_collectemailinfo
Authors
- MC <mc [at] metasploit.com>
- Didier Stevens <didier.stevens [at] gmail.com>
References
Targets
- Adobe Reader v8.1.1 (Windows XP SP0-SP3 English)
Platforms
- windows
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/fileformat/adobe_collectemailinfo
msf exploit(adobe_collectemailinfo) > show targets
...targets...
msf exploit(adobe_collectemailinfo) > set TARGET <target-id>
msf exploit(adobe_collectemailinfo) > show options
...show and set options...
msf exploit(adobe_collectemailinfo) > exploit
Related Vulnerabilities
- CESA-2008:0144: acroread security update
- Sun Patch: SunOS 5.10: Adobe Acrobat Reader browser-plugin patch
- Sun Patch: SunOS 5.10: Adobe Acrobat Reader patch
- APSB08-13: Security updates available for Adobe Reader and Acrobat (CVE-2007-5659)
- APSB08-013: Adobe Reader Multiple Vulnerabilities
- RHSA-2008:0144: acroread security update