Skip navigation.
Home

Multiple Exploit Pages

Discovered more websites using exploits in Adobe software to infect a users system. Some minor analysis and video of exploit in action.

MDAC Exploit Page (iexplorer.exe)
e427f1c2438259b5b4bb386aec822e30

Another Adobe Acrobat Exploit (accwizm.exe)-VIDEO
2bee943c7b8e63d17a92b99087ba15a7

The code you posted from the

The code you posted from the second site seems to be broken, can you get another sample? Also at what point does the first one exploit adobe, it seems to be a standard MDAC exploit.

I've verified that the links

I've verified that the links are working. I'm not sure what the issue is on your end. Here is the link for it.

http://malwaredb.djpnuemo.com/adobe1005/code.txt

You are correct that it is the MDAC exploit. It was late at night while researching and went through this too quickly. Thanks for the corrections. The changes have been made.

The only reason I'm saying

The only reason I'm saying it's broken is because it makes reference to a function called D( alot but that function is never defined. If I try to run the code as is firefox renders a bunch of nonsense and ie hangs. Neither try to load adobe reader or send traffic.

I believe the exploit fails

I believe the exploit fails because it requires information that is missing. This probably requires referrer information in order to activate the exploit because if you try to load just the exploit page, it will fail. However, loading the original site, you will be redirected through two pages, where this missing information is most likely gathered.

I'm still learning so please bare with me.

This may also

This may also help.

http://securitylabs.websense.com/content/Blogs/3198.aspx