Monday, November 8, 2010

Nov 3 CVE-2010-4091 Adobe 0 Day "printSeps()" xpl.pdf PoC From scup () hushmail com

Common Vulnerabilities and Exposures (CVE)number. Vendor Advisories

CVE-2010-4091 The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

November 8, 2010 Update:
We plan to resolve this issue in the update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions scheduled for release during the week of November 15, 2010, mentioned in Security Advisory APSA10-05. We have assigned CVE-2010-4091 to this issue. As of today, Adobe is not aware of any exploits in the wild or public exploit code for this issue.


November 4, 2010 Adobe is aware of a potential issue in Adobe Reader posted publicly today on the Full Disclosure list. A proof-of-concept file demonstrating a Denial of Service was published. Arbitrary code execution has not been demonstrated, but may be possible. We are currently investigating this issue. In the meantime, users of Adobe Reader 9.2 or later and 8.1.7 or later can utilize the JavaScript Blacklist Framework to prevent the issue by following the instructions below. Note that Adobe Acrobat is not affected by this issue.

Vupen Adobe Acrobat and Reader "printSeps()" Heap Corruption Vulnerability

 General File Information

MD5  d000e74163e34fc65914676674776284
SHA1  94358cebc08f6677df9b28e5b893dce71003081a
File Name: xpl_pdf.pdf
File size : 1928 bytes
Type:  PDF
Wed, 03 Nov 2010 [0dayz] Acrobat Reader Memory Corruption Remote Arbitrary Code Execution Full Disclosure


Automated Scans

Virustotal link
Submission date:2010-11-05 11:23:46 (UTC)
14/ 41 (34.1%)
AntiVir    2010.11.05    EXP/Pdfka.oth
Avast    4.8.1351.0    2010.11.04    JS:Pdfka-gen
Avast5    5.0.594.0    2010.11.04    JS:Pdfka-gen
AVG    2010.11.04    Exploit.PDF
Emsisoft    2010.11.05    Exploit.JS.Pdfka!IK
Ikarus    T3.    2010.11.05    Exploit.JS.Pdfka
Kaspersky    2010.11.05    Exploit.JS.Pdfka.cys
McAfee-GW-Edition    2010.1C    2010.11.05    Heuristic.BehavesLike.PDF.Suspicious.C
Norman    6.06.10    2010.11.04    HTML/Shellcode.AA
Panda    2010.11.05    Exploit/PDF.Gen.B
PCTools    2010.11.05    HeurEngine.PDF
Symantec    20101.2.0.161    2010.11.05    Bloodhound.PDF!gen
TrendMicro-HouseCall    2010.11.05    TROJ_PIDIEF.SEP
MD5   : d000e74163e34fc65914676674776284

Analysis  full disclosure xpl.pdf Adober Reader 9.4 poc - printSeps()

No comments:

Post a Comment