Adobe Reader X Atom Type Confusion Vulnerability Exploit

vendor:

Reader

by:

Snake (Shahriyar.j)

9.3

CVSS

HIGH

Atom Type Confusion Vulnerability

416

CWE

Product Name: Reader

Affected Version From: 10.0.0

Affected Version To: 10.0.1

Patch Exists: YES

Related CWE: CVE-2011-0611

CPE: a:adobe:reader:10.0.1

Metasploit: https://www.rapid7.com/db/vulnerabilities/hpsim-cve-2011-0611/, https://www.rapid7.com/db/vulnerabilities/adobe-apsb11-08-CVE-2011-0611/, https://www.rapid7.com/db/vulnerabilities/adobe-apsb11-07-CVE-2011-0611/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-0611/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2011-0451/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-0611/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2011-0611/, https://www.rapid7.com/db/vulnerabilities/adobe-reader-apsb11-08-CVE-2011-0611/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-32b05547-6913-11e0-bdc4-001b2134ef46/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7, IE/FF/Opera

2011

Adobe Reader X Atom Type Confusion Vulnerability Exploit

This is the exploit written for Abysssec 'The Arashi' article. It gracefully bypasses DEP/ASLR (not the sandbox) in Adobe Reader X, and is named 'Tatsumaki DEP/ASRL Bypass'. It works reliably on IE9/FF4 and other browsers.

Mitigation:

Update to the latest version of Adobe Reader X.

Source

Exploit-DB raw data:

# Exploit Title: Adobe Reader X Atom Type Confusion Vulnerability Exploit
# Date: 7/3/2011
# Author: Snake ( Shahriyar.j < at > gmail )
# Version: Adobe Reader X < 10.1
# Tested on: 10.0.0 - 10.0.1 - Windows 7 - IE/FF/Opera
# CVE : CVE-2011-0611
#
#This is the exploit I wrote for Abysssec "The Arashi" article.
#It gracefully bypass DEP/ASLR ( not the sandbox ) in Adobe Reader X,
#and we named this method "Tatsumaki DEP/ASRL Bypass" : >
#It work reliably on IE9/FF4 and other browsers.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
               http://www.exploit-db.com/docs/17469.pdf
# me : twitter.com/ponez
# also check here for The Persian docs of this methods and more :
http://www.0days.ir/article/

Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17473.pdf (cve-2011-0611_exploit.pdf)