Leveraging Adobe JavaScript Virtual Machine

    Leveraging Adobe JavaScript Virtual Machine - Presentation Transcript

    1. Leveraging Adobe JavaScript Virtual Machine
       Zhijie Chen, Engineering Research Center of Information Security, ICST, PKU
       May 15, 2009
       JoYAN
    2. Contents
       1 About Adobe Javascript
       2 Exploits Overview
       3 Try It Out!
       4 Samples In the Wild
    3. Contents: 1 About Adobe Javascript, 2 Exploits Overview, 3 Try It Out!, 4 Samples In the Wild
    4. What can it do?
       Adobe Javascript: Adobe JavaScripts can be created for batch processing of multiple documents, processing within a single document, processing for a given page, and processing for a single form field...
       • Customize the behavior of a particular PDF document.
       • Customize Acrobat itself.
       • Implement security policies.
       • Interact with databases and web services.
       • Dynamically alter the appearance of a PDF document.
       • Capture user-entered data from form fields.
       • Submit those data through SOAP-based Web Services.
       • Support for online team review.
    5. Adobe JS Objects
       Acrobat JavaScript defines several objects that allow your code to interact with Acrobat, a PDF document, or form fields within a PDF document.

       Object     Purpose
       app        Acrobat
       doc        PDF document
       dbg        JavaScript debugger
       console    JavaScript console
       global     Persistent and cross-document information
       util       JavaScript utility methods
       dialog     Adobe Dialog Manager (ADM)
       security   Encryption and digital signatures
       SOAP       Web Services
       search     Searching and indexing
       ADBC       Database connections and queries
       event      JavaScript events
    6. Tools I use for manipulating pdf files
       • pdftk: PDF toolkit. “If PDF is electronic paper, then pdftk is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses.”
       • Scribus: Open Source Desktop Publishing.
    7. Contents: 1 About Adobe Javascript, 2 Exploits Overview, 3 Try It Out!, 4 Samples In the Wild
    8. Adobe PDF Exploit List
       Exploits List from Milw0rm
       • Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit
       • Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit
       • Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
       • Adobe Acrobat Reader JBIG2 Universal Exploit Bind Shell port 5500
       • Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit
       • Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit
       • Adobe Acrobat Reader <= 8.1.2 Malformed PDF Remote DOS PoC
       • Adobe Reader plug-in AcroPDF.dll 8.0.0.0 Resource Consumption
       • Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
       • Adobe Reader 7.0.8.0 AcroPDF.dll Internet Explorer Denial of Service
    9. Leveraging Type I
       Play with the bugs when invoking a built-in function/method within the Javascript context. Easy to trigger and exploit.
    10. Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit
        http://milw0rm.com/exploits/8570
    11. Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
        http://milw0rm.com/exploits/8569
        Not a stack overflow?
    12. Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit
        http://milw0rm.com/exploits/7006
        http://milw0rm.com/exploits/6994
    13. Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit
        http://milw0rm.com/exploits/8595
        Affected Version: Acrobat Reader 8.1.2 - 9.0
        Tested On: XP SP2 / SP3
        Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow.
        Failed to uncompress it :(.
    14. Leveraging Type II
        Play with the bugs when parsing a malformed pdf file. Only use the javascript to perform a heap spray.
    15. Adobe Acrobat Reader JBIG2 Local Buffer Overflow
        http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.h
        http://milw0rm.com/exploits/8099
        http://milw0rm.com/exploits/8280
    16. Leveraging Type III
        Play with the URLs. I don’t know whether it works in the browser context or pdf reader context.
        • Adobe PDF Reader plug-in AcroPDF.dll ver. 8.0.0.0 Resource Consumption: http://milw0rm.com/exploits/3430
        • Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability: http://milw0rm.com/exploits/3084
        • Adobe Reader 7.0.8.0 AcroPDF.dll Internet Explorer Denial of Service: http://milw0rm.com/exploits/3040
        • Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit: http://milw0rm.com/exploits/6424
    17. To be continued...
        Those I can’t RE:
        1 Adobe Acrobat Reader <= 8.1.2 Reader Remote Denial Of Service: http://milw0rm.com/exploits/5687, Overflow?
    18. Contents: 1 About Adobe Javascript, 2 Exploits Overview, 3 Try It Out!, 4 Samples In the Wild
    19. Try it out!
        Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit
        http://milw0rm.com/exploits/7006
        http://milw0rm.com/exploits/6994
    20. Contents: 1 About Adobe Javascript, 2 Exploits Overview, 3 Try It Out!, 4 Samples In the Wild
    21. Sample in the wild
        50.2
        hxxp://172.31.25.229/acroPDF.htm
    22. Thank you!
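
For triaging PDFs that reach the built-in methods listed on slide 8, and for the compressed-stream problem noted on slide 13, here is an added example (not part of the original presentation) that inflates FlateDecode streams and reports script-bearing keys, calls to the named methods, and streams that would not inflate. The names `triage` and `sample_pdf` and the sample bytes are constructed for illustration.

```python
import re
import zlib

# Acrobat JavaScript methods named in the slides' exploit list (any letter case).
RISKY_CALLS = re.compile(
    rb"\b(getIcon|customDictionaryOpen|getAnnots|util\.printf)\s*\(", re.I)
# PDF dictionary keys that attach script to a document or run it on open.
SCRIPT_KEYS = re.compile(rb"/(JavaScript|JS|OpenAction|AA)\b")
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def unescape_names(data):
    """Undo #xx escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def triage(pdf):
    """Report script keys, risky calls and Flate streams that failed to inflate."""
    views, undecodable = [unescape_names(pdf)], 0
    for m in STREAM.finditer(pdf):
        # The stream dictionary sits between the preceding "obj" and "stream".
        start = max(pdf.rfind(b"obj", 0, m.start()), 0)
        if b"/FlateDecode" not in unescape_names(pdf[start:m.start()]):
            continue
        inflater = zlib.decompressobj()  # tolerates the EOL left before endstream
        try:
            views.append(inflater.decompress(m.group(1)))
        except zlib.error:
            pass
        if not inflater.eof:  # corrupt or truncated: queue for manual analysis
            undecodable += 1
    blob = b"\n".join(views)
    return {
        "script_keys": sorted({k.decode() for k in SCRIPT_KEYS.findall(blob)}),
        "risky_calls": sorted({c.decode() for c in RISKY_CALLS.findall(blob)}),
        "undecodable_streams": undecodable,
    }

def sample_pdf():
    """Constructed, harmless PDF fragment: benign calls inside a Flate stream."""
    js = zlib.compress(b'var a = this.getAnnots(0); util.printf("%d", 1);')
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode >>\nstream\n" + js +
            b"\nendstream endobj\n4 0 obj << /Filter /FlateDecode >>\n"
            b"stream\nnot-deflate\nendstream endobj\n")

if __name__ == "__main__":
    print(triage(sample_pdf()))
```

Scripts hidden behind other filters or inside object streams are not decoded here, so an empty report does not clear a file; a non-zero `undecodable_streams` count is itself worth a closer look.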