Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
Title source: llm
Exploitation Summary
EIP tracks 25 public exploits for CVE-2024-4367. PoCs published by Milad karimi, LOURC0D3, s4vvysec.
AI-analyzed exploit summary: This exploit generates a malicious PDF file that leverages a vulnerability in Firefox ESR 115.11's PDF.js to execute arbitrary JavaScript. The payload is embedded within the PDF's font matrix structure.
Description
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Exploits (25)
This exploit generates a malicious PDF file that leverages a vulnerability in Firefox ESR 115.11's PDF.js to execute arbitrary JavaScript. The payload is embedded within the PDF's font matrix structure.
This repository contains a functional Python script that generates a malicious PDF file exploiting CVE-2024-4367 in PDF.js. The exploit leverages a missing type check in font handling to achieve arbitrary JavaScript execution in the context of the hosting domain.
This repository contains a functional PoC for CVE-2024-4367, which exploits arbitrary JavaScript execution in PDF.js via a crafted PDF file. The PoC generates a malicious PDF that triggers the vulnerability when opened in a vulnerable PDF.js viewer.
This repository contains a functional Python script that generates a malicious PDF file exploiting CVE-2024-4367 in PDF.js. The exploit leverages a vulnerability in PDF.js to execute arbitrary JavaScript code when the PDF is opened in vulnerable applications like Firefox (<126).
This repository provides a YARA rule to detect PDF files exploiting CVE-2024-4367, which allows arbitrary JavaScript execution in PDF.js. It does not contain exploit code but serves as a detection mechanism for the vulnerability.
This repository provides a functional proof-of-concept for CVE-2024-4367, a vulnerability in the PDF.js library. It includes a demo project with sample PDFs designed to exploit the vulnerability, allowing users to test different exploitation methods.
This repository provides a functional proof-of-concept for CVE-2024-4367, a vulnerability in PDF.js (pdfjs-dist). It includes a demo project with frontend components (React, Vue, Svelte) to test and exploit the vulnerability using crafted PDF files.
This repository contains a functional PoC for CVE-2024-4367, demonstrating arbitrary JavaScript execution in PDF.js via a crafted PDF file. The exploit leverages a vulnerability in PDF.js to achieve XSS in Firefox, Firefox ESR, and Thunderbird.
This repository contains a functional exploit PoC that chains CVE-2024-4367 (PDF-based RCE) and CVE-2023-38831 (WinRAR path traversal) to achieve remote command execution via a malicious PDF and RAR archive. The script generates a malicious PDF that triggers a download of a crafted RAR file, which executes a reverse shell when extracted.
The repository contains a functional exploit for CVE-2024-4367, which leverages insufficient type checks on the FontMatrix object in PDF.js to execute arbitrary JavaScript. The exploit script automates the creation of a malicious PDF, integrates with the Social Engineering Toolkit (SET) for phishing, and hosts a server to capture exfiltrated data.
This repository contains a functional Python script that modifies a PDF file to exploit CVE-2024-4367, an arbitrary JavaScript execution vulnerability in PDF.js. The script injects malicious payloads into the PDF's FontMatrix field, which can trigger arbitrary JavaScript execution when the PDF is rendered.
This repository contains a functional PoC for CVE-2024-4367, demonstrating an XSS vulnerability in PDF.js. The exploit generates a malicious PDF file that, when opened, executes arbitrary JavaScript payloads, including cookie theft, keylogging, and local file access in Electron-based applications.
The repository claims to demonstrate CVE-2024-4367 (XSS) but lacks actual exploit code, instead listing generic features and pointing to external images. No technical details or PoC code are provided.
This repository provides a functional workaround for CVE-2024-4367 by disabling JavaScript evaluation in PDF.js within Odoo 14.0. It includes a custom module that overrides default attachment handling to mitigate the vulnerability.
This repository contains a functional proof-of-concept for CVE-2024-4367, demonstrating an XSS vulnerability in PDF.js. The exploit involves uploading a malicious PDF file, which is then rendered via a vulnerable PDF.js viewer, leading to arbitrary JavaScript execution.
The repository claims to provide a security framework for CVE-2024-4367 but lacks actual exploit code or technical details, instead pushing external downloads and using vague marketing language.
This repository contains a functional PoC for CVE-2024-4367, which exploits arbitrary JavaScript execution in PDF.js via a maliciously crafted PDF file. The script generates a PDF with embedded JavaScript payloads that trigger when parsed by vulnerable versions of PDF.js.
This repository contains a functional exploit PoC for CVE-2024-4367, targeting a vulnerability in PDF.js. The exploit involves a Node.js server setup with Express and Multer, demonstrating how the vulnerability can be leveraged to bypass access controls and potentially execute arbitrary code.
This repository provides a detailed technical analysis of CVE-2024-4367, a vulnerability in PDF.js allowing arbitrary JavaScript execution via improper type checking in font handling. It includes PoC PDFs and mitigation strategies.
This repository provides a functional PoC for CVE-2024-4367, a vulnerability in Firefox's PDF.js font renderer. It includes scripts to generate a malicious PDF, launch vulnerable Firefox versions, and compare patched vs. unpatched code.
This Python script generates a malicious PDF file exploiting CVE-2024-4367, likely targeting a vulnerability in PDF parsing. The payload is embedded within the PDF structure, specifically in the FontMatrix field, suggesting a potential buffer overflow or injection attack.
References (12)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H