CVE-2021-21086 PoC — Adobe Acrobat 和 Adobe Acrobat Reader 缓冲区错误漏洞

Source

https://github.com/infobyte/Exploit-CVE-2021-21086

Associated Vulnerability

Title:Adobe Acrobat 和 Adobe Acrobat Reader 缓冲区错误漏洞 (CVE-2021-21086)
Description:Adobe Acrobat和Adobe Acrobat Reader都是美国奥多比（Adobe）公司的产品。Adobe Acrobat是一套PDF文件编辑和转换工具。Adobe Acrobat Reader是一款PDF查看器。该软件用于打印，签名和注释 PDF。 Adobe Acrobat 和 Adobe Acrobat Reader 存在缓冲区错误漏洞，该漏洞允许CoolType任意堆栈操作。

Readme

# CVE-2021-21086 Exploit
This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074 and earlier versions on Windows 10.
Note: the shellcode used in this example pops a calc. For it to work you must disable Adobe Reader's sandbox or you can replace it with other shellcode.
You can see it in action (with the sandbox disabled) [here](https://www.youtube.com/watch?v=DlgtEqGRzwU)

For more info on how it works, read our [blogpost](https://medium.com/faraday/who-needs-js-when-youve-got-turing-complete-fonts-c6a9cadbb665).


## How to use:
1. Generate exploit charstring: `python3 .\generate_exploit_charstring.py --output charstring`.
2. Embed charstring into a pdf file: `python3 .\charstring2pdf.py --filename .\charstring --out exploit.pdf`.
3. Open pdf file with Adobe Reader DC.

File Snapshot


 [4.0K]  /data/pocs/27b43b89ac5cc7c6be2f0450d4ef4cac241e099a
├── [3.9K]  charstring2pdf.py
├── [3.3K]  exploit.pdf
├── [ 12K]  generate_exploit_charstring.py
└── [ 856]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!