CVE-2010-2883 PoC — Adobe Reader和Acrobat CoolType.dll栈缓冲区溢出漏洞

Source

https://github.com/avielzecharia/CVE-2010-2883

Associated Vulnerability

Title:Adobe Reader和Acrobat CoolType.dll栈缓冲区溢出漏洞 (CVE-2010-2883)
Description:Adobe Reader和Acrobat都是美国奥多比（Adobe）公司的产品。Adobe Reader是一款免费的PDF文件阅读器，Acrobat是一款PDF文件编辑和转换工具。基于Window和Mac OS X的Adobe Reader和Acrobat 9.4之前的9.x版本，8.2.5之前的8.x版本的CoolType.dll中存在基于栈的缓冲区溢出漏洞。远程攻击者可借助带有TTF字体Smart INdependent Glyphlets (SING)表格中超长字段的PDF文件执行任意代码或者导致

Description

Playing with CVE-2010-2883

Readme

# CVE-2010-2883
PoC for CVE-2010-2883 using TTD research, Metasploit techniques, BOF+ROP and HEAP spraying for educational purposes only.

File Snapshot


 [4.0K]  /data/pocs/72735298ed807b9a3c4a69a430590af6b1a83221
├── [4.0K]  binaries
│   ├── [341K]  AcroRd32.exe
│   ├── [2.3M]  CoolType.dll
│   ├── [ 40M]  CoolType.dll.idb
│   ├── [546K]  EMET.dll
│   ├── [7.8M]  EMET.dll.idb
│   ├── [664K]  icucnv36.dll
│   └── [7.5M]  icucnv36.dll.idb
├── [539K]  CVE-2010-2883.pdf
├── [4.0K]  EMET internet resources
│   ├── [1.3M]  bypassing-emet-4-1.pdf
│   ├── [576K]  emet_4_1_uncovered.pdf
│   ├── [7.0M]  EMET_slides.pdf
│   ├── [1.8M]  EMET User's Guide.pdf
│   └── [5.1M]  Recon2013-Elias Bachaalany-Inside EMET 4.pdf
├── [4.0K]  exploit files
│   ├── [ 20K]  adobe_cooltype_sing_EMETBypass_calc.rb
│   ├── [1.5K]  msf_calc_EMETBypass_payload.asm
│   ├── [ 46K]  msf_calc_EMETBypass.pdf
│   ├── [ 45K]  msf_calc.pdf
│   └── [ 66K]  PDF_Password_SING.7z
├── [4.0K]  Installers
│   ├── [ 41M]  AdbeRdr934_en_US.exe
│   └── [8.3M]  EMET Setup.msi
└── [ 138]  README.md

5 directories, 21 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!