Adobe Reader X Atom Type Confusion Vulnerability Exploit

2011.07.04

Credit: Snake

Risk: High

Local: No

Remote: Yes

CVE: CVE-2011-0611

CWE: CWE-119

CVSS Base Score: 9.3/10

Impact Subscore: 10/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

# Exploit Title: Adobe Reader X Atom Type Confusion Vulnerability Exploit
# Date: 7/3/2011
# Author: Snake ( Shahriyar.j < at > gmail )
# Version: Adobe Reader X < 10.1
# Tested on: 10.0.0 - 10.0.1 - Windows 7 - IE/FF/Opera
# CVE : CVE-2011-0611
#
#This is the exploit I wrote for Abysssec "The Arashi" article.
#It gracefully bypass DEP/ASLR ( not the sandbox ) in Adobe Reader X,
#and we named this method "Tatsumaki DEP/ASRL Bypass" : >
#It work reliably on IE9/FF4 and other browsers.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
http://www.exploit-db.com/download_pdf/17469
# me : twitter.com/ponez
# also check here for The Persian docs of this methods and more :
http://www.0days.ir/article/
Exploit: http://www.exploit-db.com/sploits/cve-2011-0611_exploit.pdf

References:

http://www.kb.cert.org/vuls/id/230057

http://xforce.iss.net/xforce/xfdb/66681

http://www.vupen.com/english/advisories/2011/0924

http://www.vupen.com/english/advisories/2011/0923

http://www.vupen.com/english/advisories/2011/0922

http://www.securitytracker.com/id?1025325

http://www.securitytracker.com/id?1025324

http://www.securityfocus.com/bid/47314

http://www.redhat.com/support/errata/RHSA-2011-0451.html

http://www.exploit-db.com/exploits/17175

http://www.adobe.com/support/security/bulletins/apsb11-08.html

http://www.adobe.com/support/security/bulletins/apsb11-07.html

http://www.adobe.com/support/security/advisories/apsa11-02.html

http://secunia.com/blog/210/

http://secunia.com/advisories/44149

http://secunia.com/advisories/44141

http://secunia.com/advisories/44119

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html

http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Adobe Reader X Atom Type Confusion Vulnerability Exploit

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.