File format-based exploitation
We will be covering various attacks on the victim using malicious files in this section. Therefore, whenever these malicious files run, it provides meterpreter or shell access to the target system. In the next section, we will cover exploitation using malicious document and PDF files.
PDF-based exploits
PDF file format-based exploits are those that trigger vulnerabilities in various PDF readers and parsers, which when are made to execute the payload carrying PDF files, presenting the attacker with complete access to the target system in the form of a meterpreter shell or a command shell. However, before getting into the technique, let's see what vulnerability we are targeting and what the environment details are:
|
Test cases |
Description |
|
Vulnerability |
Stack overflow in uniquename from the Smart Independent Glyplets (SING) table |
|
Exploited on operating system |
Windows 7 32-bit |
|
Software version |
Adobe Reader 9 |
|
Affected versions |
Adobe Reader 9.3.4 and earlier... |
