CVE-2015-3073 PoC — Adobe Reader和Acrobat 安全漏洞

Source

https://github.com/reigningshells/CVE-2015-3073

Associated Vulnerability

Title:Adobe Reader和Acrobat 安全漏洞 (CVE-2015-3073)
Description:Adobe Reader和Acrobat都是美国奥多比（Adobe）公司的产品。Adobe Reader是一款免费的PDF文件阅读器，Acrobat是一款PDF文件编辑和转换工具。基于Windows和OS X平台的Adobe Reader和Acrobat中存在安全漏洞。攻击者可利用该漏洞绕过JavaScript API执行过程的既定的限制。以下产品及版本受到影响：Adobe Reader 10.1.13及之前版本和11.0.10及之前版本，Acrobat 10.1.13及之前版本和11.0.10及之前版

Description

CVE-2015-3073 PoC

Readme

# CVE-2015-3073

This vulnerability allows remote attackers to bypass API restrictions on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within AFParseDate. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code.

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X are vulnerable.

Notes:

The code assumes you attached a DLL named exploit.txt to the PDF document.

Acrobat will execute updaternotifications.dll if it's in the same directory as the Acrobat executable or the same directory as the document being opened.

Credit for discovery and the initial POC that illustrates code being executed in the privileged context goes to the Zero Day Initiative.

File Snapshot


 [4.0K]  /data/pocs/cad951b0531a2ac6a2bcb46639e28f4243e96970
├── [ 924]  exploit.js
└── [1005]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!