Thanks to our good friend dookie who passed us a link to a CVE about the new exploit for Adobe 9.3. Well, I should just say it is not for 9.3 but it states:
Exploit works with Adobe Javascript disabled.
Tested : successfully tested on Adobe Reader 9.1/9.2/9.3 OS Windows XP(SP2,SP3 any languages), also works with Adobe browser plugin
A hacker by the nick of villy made a python script that will create a pdf that will launch calc.exe on a WinXP SP2 Box with the most up-to-date version of Adobe Reader installed even with Java turned off.
After playing with it we replaced the shellcode with a Windows Reverse Shell and then tried it on a fully patch system! BAM – Shell again.
We took the PDF file and uploaded it to Virus Total and an amazing 0/42 was returned and that is before we even used Shakata Ganai to encode it.
Of course we documented the adventure and put a new video up on our site on the resources page entitled Brand New Adobe 9.3 Exploit
Enjoy and stay tuned for more to come.
Comments are closed.