Exploitation Summary
CVE-2010-1240 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 9 public exploits from researchers including Metasploit, Didier Stevens, Jasmoon99, including a Metasploit module exploits/windows/fileformat/adobe_pdf_embedded_exe.
AI-analyzed exploit summary This Metasploit module exploits CVE-2010-1240 by embedding a malicious executable in a PDF file without requiring JavaScript. It uses hex encoding and obfuscation techniques to evade detection and executes the payload via a crafted /Launch action.
Description
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
Exploits (9)
This Metasploit module exploits CVE-2010-1240 by embedding a malicious executable in a PDF file without requiring JavaScript. It uses hex encoding and obfuscation techniques to evade detection and executes the payload via a crafted /Launch action.
This Metasploit module embeds a malicious payload into an existing PDF file, leveraging Adobe Reader's handling of embedded executables for social engineering attacks. It generates a weaponized PDF that, when opened, executes the embedded payload via JavaScript and command injection.
This exploit leverages PDF's launch action feature to execute embedded executables without exploiting a vulnerability. It bypasses user warnings in Adobe Reader and executes without interaction in Foxit Reader.
This repository provides a detailed technical walkthrough of exploiting CVE-2010-1240, a vulnerability in Adobe Reader <= 8.1.2, using Metasploit's `adobe_pdf_embedded_exe` module to achieve remote code execution via a malicious PDF file. It includes step-by-step instructions for generating the payload, setting up a listener, and demonstrating post-exploitation activities.
This repository provides a detailed guide on exploiting CVE-2010-1240 using Metasploit to embed a malicious payload in a PDF file, which executes arbitrary code via reverse TCP when opened in vulnerable Adobe Reader versions.
This repository provides a functional exploit for CVE-2010-1240, leveraging Metasploit's `adobe_pdf_embedded_exe` module to embed a malicious executable in a PDF. The exploit tricks users into executing arbitrary local programs via a deceptive dialog box, demonstrating a social engineering attack vector.
This repository contains a functional Python script that generates malicious PDFs exploiting CVE-2010-1240, a vulnerability in Adobe Reader/Acrobat allowing arbitrary code execution via Launch Actions. The tool demonstrates the exploit with configurable PowerShell payloads and includes detailed technical documentation.
This Metasploit module exploits CVE-2010-1240 by embedding a malicious executable into a PDF file, leveraging social engineering to trick users into executing the payload. It targets Adobe Reader vulnerabilities to achieve remote code execution.
This Metasploit module embeds a payload EXE into a PDF file using HEX encoding and leverages a social engineering technique to execute the payload without requiring JavaScript. It exploits CVE-2010-1240 by embedding a command in the PDF that launches a VBScript to decode and execute the payload.