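Related vulnerability
Title:
Adobe Reader Launch File warning dialog user deception and code execution vulnerability
(CVE-2010-1240)
Description: Adobe Reader and Acrobat are products of the US company Adobe. Adobe Reader is a free PDF file reader, and Acrobat is a PDF editing and conversion tool. Adobe Reader and Acrobat 9.x before 9.3.3 and 8.x before 8.2.3, on Windows and Mac OS X, do not restrict the contents of the text field in the Launch File warning dialog. A remote attacker can exploit this vulnerability to trick a user into executing an arbitrary local program specified in a PDF document.
Description
Python tool for CVE-2010-1240 research - generates malicious PDFs exploiting Adobe Reader Launch Actions
Introduction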
# CVE-2010-1240 PDF Launch Action Research Tool





Educational research tool demonstrating CVE-2010-1240 vulnerability in Adobe Reader through malicious PDF Launch Actions.
## ⚠️ Disclaimer
This tool is created strictly for **educational purposes** and **security research** to demonstrate CVE-2010-1240 vulnerability. It should only be used in controlled environments for learning about PDF security mechanisms and vulnerability research.
**Do not use this tool for malicious purposes.**
## 📋 Description
This project demonstrates **CVE-2010-1240**, a critical vulnerability in Adobe Reader that allows arbitrary code execution through malicious PDF Launch Actions. The vulnerability affects Adobe Reader and Acrobat 9.x versions prior to 9.3.3 and 8.x versions prior to 8.2.3.
### CVE-2010-1240 Details
- **CVSS Score**: 9.3 (Critical)
- **Affected Versions**: Adobe Reader/Acrobat < 9.3.3, < 8.2.3
- **Attack Vector**: Malicious PDF with Launch Action
- **Impact**: Arbitrary code execution, system compromise
- **Disclosure**: June 2010
## 🚀 Quick Start
### Installation
```bash
git clone https://github.com/12345qwert123456/cve-2010-1240.git
cd cve-2010-1240
```
### Basic Usage
```bash
# Create a basic CVE-2010-1240 demonstration PDF
python pdf_generator.py
# Create PDF with custom PowerShell payload
python pdf_generator.py -c "Write-Host 'CVE-2010-1240 Demo'; pause"
# Specify output filename
python pdf_generator.py -o cve_demo.pdf
```
## 🎯 Proof of Concept Demonstration
### CVE-2010-1240 Launch Action Dialog
When a malicious PDF is opened in vulnerable Adobe Reader versions, the Launch Action triggers a security dialog:

*The Adobe Reader security warning showing the Launch Action attempting to execute PowerShell*
### PowerShell Execution
Once the user clicks Open in the security dialog, the Launch Action executes the PowerShell payload:

*PowerShell window opened by the PDF Launch Action exploit showing successful code execution*
### Social Engineering Technique
Advanced attackers can use line breaks and formatting to disguise the actual command being executed:

*Demonstration of how attackers can manipulate the Launch Action dialog to display benign text while executing malicious commands*
This technique exploits user psychology by showing innocuous text in the dialog while the actual malicious command is hidden through careful formatting and line breaks.
Example payload:
```
pdf_generator.py -o poc.pdf -c "Write-Host \"'CVE-2010-1240 PoC'; pause\"\n\n\n\n\n\n\n# Press Open Button"
```
### Command Line Options
```
usage: pdf_generator.py [-h] [-o OUTPUT] [-c COMMAND]

CVE-2010-1240 PDF Launch Action Research Tool

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Output PDF filename (default: cve_2010_1240_demo.pdf)
  -c COMMAND, --command COMMAND
                        PowerShell command to execute
```
## 🔧 Technical Details
### CVE-2010-1240 Vulnerability
CVE-2010-1240 is a critical vulnerability that affects Adobe Reader and Acrobat through improper handling of Launch Actions in PDF documents. The vulnerability allows remote attackers to execute arbitrary code by crafting malicious PDF files that abuse the Launch Action mechanism.
### PDF Structure
The generated PDF exploits CVE-2010-1240 through:
- **PDF Header**: Version 1.4 specification for compatibility
- **Catalog Object**: Root object with malicious OpenAction reference
- **Pages Object**: Minimal page tree structure
- **Page Object**: Single page definition
- **Malicious Launch Action**: PowerShell execution directive (CVE-2010-1240)
- **Cross-Reference Table**: Object position mapping
- **Trailer**: End-of-file marker
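A defender-side check for the structure listed above and for the padded-dialog trick from the Social Engineering section, as an added example that is not part of this project's code: it scans raw PDF bytes for Launch actions, reports whether one is reached from `/OpenAction`, and counts line breaks in the `/P` parameter string. The sample fragment, the function names and the `max_breaks` threshold are assumptions made for illustration.

```python
import re

# Constructed sample: a fragment of PDF objects (not a complete file) with a
# placeholder program name and newline padding in the /P parameter string.
SAMPLE = (
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Type /Action /S /Launch /Win << /F (placeholder.exe) "
    b"/P (arg\n\n\n\n\nClick Open to view) >> >>\nendobj\n"
)

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
OBJ = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
LAUNCH = re.compile(rb"/S\s*/Launch(?![A-Za-z0-9])")
OPEN_ACTION = re.compile(rb"/OpenAction\s+(\d+)\s+\d+\s+R")
PARAM = re.compile(rb"/P\s*\(((?:\\.|[^\\()])*)\)", re.S)
BREAKS = (b"\\n", b"\\r", b"\n", b"\r")  # escaped and literal line breaks

def decode_names(data):
    """Undo #xx escapes so an obfuscated name like /L#61unch reads /Launch."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def count_breaks(param):
    """Count line breaks in a literal string, skipping escaped backslashes."""
    tokens = re.findall(rb"\\.|[\r\n]", param, re.S)
    return sum(t in BREAKS for t in tokens)

def scan(data, max_breaks=2):
    """Report each Launch action: object number, whether it fires on open,
    and whether its parameter string is padded with line breaks."""
    objs = {int(n): decode_names(body) for n, body in OBJ.findall(data)}
    auto = {int(n) for b in objs.values() for n in OPEN_ACTION.findall(b)}
    findings = []
    for num, body in sorted(objs.items()):
        if not LAUNCH.search(body):
            continue
        breaks = max((count_breaks(p) for p in PARAM.findall(body)), default=0)
        findings.append({
            "object": num,
            "on_open": num in auto or b"/OpenAction" in body,
            "line_breaks": breaks,
            "padded_dialog": breaks > max_breaks,
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The scan only reads uncompressed objects; actions stored inside object streams have to be decompressed by a PDF parser before this check can see them.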
### Vulnerable Versions
❌ **Vulnerable:**
- Adobe Reader 9.x < 9.3.3
- Adobe Reader 8.x < 8.2.3
- Adobe Acrobat 9.x < 9.3.3
- Adobe Acrobat 8.x < 8.2.3
✅ **Patched:**
- Adobe Reader 9.3.3+
- Adobe Reader 8.2.3+
- Modern PDF viewers with Launch Action restrictions
## 🔗 References
- [Escape From PDF](https://blog.didierstevens.com/2010/03/29/escape-from-pdf/)
- [Metasploit Module](https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb)
- [NIST NVD CVE-2010-1240](https://nvd.nist.gov/vuln/detail/CVE-2010-1240)
File snapshot
[4.0K] /data/pocs/0235becde93af7d53e34caadcf3212df89bce1f3
├── [4.0K] assets
│ ├── [ 36K] Hacktrick.png
│ ├── [101K] PoC Launch File.png
│ └── [ 50K] PoC PWSH.png
├── [1.4K] LICENSE
├── [8.4K] pdf_generator.py
└── [4.7K] README.md
1 directory, 6 files