Adobe Reader 9.3.0 DLL Hijacking

2016-10-25T00:00:00
ID PACKETSTORM:139331
Type packetstorm
Reporter Ehsan Hosseini
Modified 2016-10-25T00:00:00

Description

                                        
                                            `=====================================================  
# Adobe Reader 9.3.0 - DLL Hijacking  
=====================================================  
# Vendor Homepage: https://www.adobe.com/  
# Date: 24 Oct 2016  
# Version : 9.3.0  
# Author: Ashiyane Digital Security Team  
# Contact: hehsan979@gmail.com  
=====================================================  
# PoC:  
1. Create a malicious dll file with name "AcroRd32.dll" and save it  
in "C:\Program Files\Adobe\Reader 9.0\Reader" directory.  
  
2. Execute "AcroRd32.exe" from "C:\Program Files\Adobe\Reader  
9.0\Reader" directory.  
  
3. Malicious dll file gets executed.  
=====================================================  
# Discovered By : Ehsan Hosseini  
=====================================================  
`