Skip navigation.
Home

PDF JBIG2 Exploit Sample

|

Hello

I need a sample PoC which is exploited in wild for Acrobat JBIG2 vulnerability.

There is 2 PoCs in the wild, one of them uses Javascript to spray heap for execution of code, another one doesn't use, if you have any of them, please share...

Thanks from now!

don't have an actual sample

don't have an actual sample for you, but some good info on the actual exploit itself if anyone is interested.

PDF JBIG2

®(¯`·._(¯`·._:-.*kreepz86*.-:_.·´¯)_.·´¯)®

PDF example

I don't know if this is exactly the exploit you were looking for but this is definatly some sort of malicious PDF file. I have uploaded it here. I hope this helps. I have been tracking down the links that appeared when my website's ftp password was compromised. This was one end that I found. When the PDF file is being called it is accepting 3 variables, one of which was my IP.

This PDF is exploiting two

This PDF is exploiting two old vulnerabilities: Collab.collectEmailInfo() JavаScript Overflow and Util.printf() JavаScript Overflow.

So who have it?

So who have JBIG2 Array indexing vulnerability PoC pdf file?

The page that kreepz86 gave

The page that kreepz86 gave has a python program that can generate poc's.

That python does nothing

That python does nothing except a blank DOS pdf generator... Everything is in image stream which causes exploit and code execution...

f52e6651458fc0e5eff953844b9774dc

Search it with that on OC ...

again ... f52e6651458fc0e5eff953844b9774dc

---------------------
Norton AntiVirus 2009

This PDF is exploiting

This PDF is exploiting Util.printf

Anyone

So have you guys been able to find an actual JBIG infected PDF? All the ones that I have looked at from OC are exploiting old vulns, not JBIG

Thanks again

Still not there, Is it?

Is there no POC available for this? or atleast a sample PDF.