# CVE-2010-1240 PDF Launch Action Research Tool

Python tool for CVE-2010-1240 research - generates malicious PDFs exploiting Adobe Reader Launch Actions

Educational research tool demonstrating CVE-2010-1240 vulnerability in Adobe Reader through malicious PDF Launch Actions.
## ⚠️ Disclaimer
This tool is created strictly for **educational purposes** and **security research** to demonstrate CVE-2010-1240 vulnerability. It should only be used in controlled environments for learning about PDF security mechanisms and vulnerability research.
**Do not use this tool for malicious purposes.**
## 📋 Description
This project demonstrates **CVE-2010-1240**, a critical vulnerability in Adobe Reader that allows arbitrary code execution through malicious PDF Launch Actions. The vulnerability affects Adobe Reader and Acrobat versions prior to 9.3.3 and 8.2.3.
### CVE-2010-1240 Details
- **CVSS Score**: 9.3 (Critical)
- **Affected Versions**: Adobe Reader/Acrobat < 9.3.3, < 8.2.3
- **Attack Vector**: Malicious PDF with Launch Action
- **Impact**: Arbitrary code execution, system compromise
- **Disclosure**: June 2010
## 🚀 Quick Start
### Installation
```bash
git clone https://github.com/12345qwert123456/cve-2010-1240.git
cd cve-2010-1240
```
### Basic Usage
```bash
# Create a basic CVE-2010-1240 demonstration PDF
python pdf_generator.py
# Create PDF with custom PowerShell payload
python pdf_generator.py -c "Write-Host 'CVE-2010-1240 Demo'; pause"
# Specify output filename
python pdf_generator.py -o cve_demo.pdf
```
## 🎯 Proof of Concept Demonstration
### CVE-2010-1240 Launch Action Dialog
When a malicious PDF is opened in vulnerable Adobe Reader versions, the Launch Action triggers a security dialog:

*The Adobe Reader security warning showing the Launch Action attempting to execute PowerShell*
### PowerShell Execution
After bypassing the security dialog, the CVE-2010-1240 exploit successfully executes the PowerShell payload:

*PowerShell window opened by the PDF Launch Action exploit showing successful code execution*
### Social Engineering Technique
Advanced attackers can use line breaks and formatting to disguise the actual command being executed:

*Demonstration of how attackers can manipulate the Launch Action dialog to display benign text while executing malicious commands*
This technique exploits user psychology by showing innocuous text in the dialog while the actual malicious command is hidden through careful formatting and line breaks.
Example of payload:
```
pdf_generator.py -o poc.pdf -c "Write-Host \"'CVE-2010-1240 PoC'; pause\"\n\n\n\n\n\n\n# Press Open Button"
```
### Command Line Options
```
usage: pdf_generator.py [-h] [-o OUTPUT] [-c COMMAND]

CVE-2010-1240 PDF Launch Action Research Tool

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Output PDF filename (default: cve_2010_1240_demo.pdf)
  -c COMMAND, --command COMMAND
                        PowerShell command to execute
```
## 🔧 Technical Details
### CVE-2010-1240 Vulnerability
CVE-2010-1240 is a critical vulnerability that affects Adobe Reader and Acrobat through improper handling of Launch Actions in PDF documents. The vulnerability allows remote attackers to execute arbitrary code by crafting malicious PDF files that abuse the Launch Action mechanism.
### PDF Structure
The generated PDF exploits CVE-2010-1240 through:
- **PDF Header**: Version 1.4 specification for compatibility
- **Catalog Object**: Root object with malicious OpenAction reference
- **Pages Object**: Minimal page tree structure
- **Page Object**: Single page definition
- **Malicious Launch Action**: PowerShell execution directive (CVE-2010-1240)
- **Cross-Reference Table**: Object position mapping
- **Trailer**: End-of-file marker
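
For triage of the structure above and the line-break padding described under Social Engineering Technique, the following scanner is an added example and is not part of this project's `pdf_generator.py`. It assumes uncompressed objects, as in the PDF 1.4 layout listed here; `PAD_THRESHOLD`, the function names and both sample fragments are constructed for illustration.

```python
import re

PAD_THRESHOLD = 3  # assumed cut-off: this many line breaks in /P is suspicious
LINE_BREAK = re.compile(rb"\\[nr]|\r\n|[\r\n]")  # escaped or raw line breaks

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, which can hide a name such as /L#61unch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def read_literal(data: bytes, start: int) -> bytes:
    """Body of the PDF literal string whose opening '(' is at index start."""
    depth, i = 0, start
    while i < len(data):
        c = data[i]
        if c == 0x5C:        # backslash: skip the escaped byte
            i += 2
            continue
        if c == 0x28:        # '(' nests
            depth += 1
        elif c == 0x29:      # ')' closes one level
            depth -= 1
            if depth == 0:
                return data[start + 1:i]
        i += 1
    return data[start + 1:]  # unterminated string: keep what is there

def scan_pdf(data: bytes) -> dict:
    """Report Launch actions, automatic triggers and padded /P parameters."""
    data = decode_names(data)
    padded = []
    for m in re.finditer(rb"/P\s*\(", data):
        breaks = len(LINE_BREAK.findall(read_literal(data, m.end() - 1)))
        if breaks >= PAD_THRESHOLD:
            padded.append(breaks)
    return {
        "launch_actions": len(re.findall(rb"/S\s*/Launch(?![A-Za-z0-9])", data)),
        "auto_trigger": bool(re.search(rb"/(OpenAction|AA)(?![A-Za-z0-9])", data)),
        "padded_params": padded,
    }

# Constructed samples (object fragments, not complete PDF files).
SAMPLE = (b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
          b"4 0 obj << /Type /Action /S /L#61unch /Win << /F (placeholder.exe) "
          b"/P (constructed padding\\n\\n\\n\\n\\nend) >> >> endobj\n")
BENIGN = (b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
          b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n")

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
    print(scan_pdf(BENIGN))
```

A file that reports a Launch action together with an automatic trigger and a padded `/P` string matches the pattern this page demonstrates; objects stored inside compressed streams are not seen by this scan and need to be inflated first.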
### Vulnerable Versions
❌ **Vulnerable:**
- Adobe Reader 9.x < 9.3.3
- Adobe Reader 8.x < 8.2.3
- Adobe Acrobat 9.x < 9.3.3
- Adobe Acrobat 8.x < 8.2.3
✅ **Patched:**
- Adobe Reader 9.3.3+
- Adobe Reader 8.2.3+
- Modern PDF viewers with Launch Action restrictions
## 🔗 References
- [Escape From PDF](https://blog.didierstevens.com/2010/03/29/escape-from-pdf/)
- [Metasploit Module](https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb)
- [NIST NVD CVE-2010-1240](https://nvd.nist.gov/vuln/detail/CVE-2010-1240)
```
[4.0K] /data/pocs/0235becde93af7d53e34caadcf3212df89bce1f3
├── [4.0K] assets
│   ├── [ 36K] Hacktrick.png
│   ├── [101K] PoC Launch File.png
│   └── [ 50K] PoC PWSH.png
├── [1.4K] LICENSE
├── [8.4K] pdf_generator.py
└── [4.7K] README.md
1 directory, 6 files
```