[framework] new adobe exploit

Lurene Grenier pusscat at metasploit.com
Wed Jan 6 05:23:00 PST 2010


The exploit relies on a heap spray and some heap grooming that seems
to move around a bit on different language packs.  The version posted
was tested on XPSP3 (no DEP) with acrord 9.2.  Are the machines you
guys are testing on equipped with hardware DEP? If so, we're out of
luck until someone has the time to implement the ret-spray, heap flip,
ret2lib chained attack style sploit. If not, let me know version
numbers and language packs and I'll take a look.

On Tue, Jan 5, 2010 at 8:08 PM, Brian Milliron <antechrist at io.com> wrote:
> Kudos to the dev team on the new doc.media.newPlayer exploit.  I didn't
> even notice it had been added to the build until now.  I can't wait to
> test it out.  Will let you know what versions I test.  FYI, here is an
> analysis of some highly sophisticated wild code for this exploit which
> is using an egg hunt to execute multiple payloads and then opens a valid
> PDF after crashing the reader so the user doesn't notice anything.
> http://isc.sans.org/diary.html?storyid=7867
>
> Cheers,
> Brian



-- 
~ Lurene


