https://github.com/infobyte/exploit-cve-2021-21086

Last synced: about 1 year ago
JSON representation

Host: GitHub
URL: https://github.com/infobyte/exploit-cve-2021-21086
Owner: infobyte
Created: 2021-12-02T18:30:53.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-12-02T18:46:48.000Z (over 4 years ago)
Last Synced: 2025-04-01T10:21:17.013Z (about 1 year ago)
Language: Python
Size: 6.84 KB
Stars: 27
Watchers: 10
Forks: 12
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2021-21086 Exploit
This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074 and earlier versions on Windows 10.
Note: the shellcode used in this example pops a calc. For it to work you must disable Adobe Reader's sandbox or you can replace it with other shellcode.
You can see it in action (with the sandbox disabled) [here](https://www.youtube.com/watch?v=DlgtEqGRzwU)

For more info on how it works, read our [blogpost](https://medium.com/faraday/who-needs-js-when-youve-got-turing-complete-fonts-c6a9cadbb665).

## How to use:
1. Generate exploit charstring: `python3 .\generate_exploit_charstring.py --output charstring`.
2. Embed charstring into a pdf file: `python3 .\charstring2pdf.py --filename .\charstring --out exploit.pdf`.
3. Open pdf file with Adobe Reader DC.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/infobyte/exploit-cve-2021-21086

Awesome Lists containing this project

README