What is the CVE-2010-2883 Adobe Reader vulnerability?
"Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information."
I had just written about dynamic memory allocation and covered overflow attacks, and this vulnerability is exactly a stack overflow being exploited, so I took the opportunity to reproduce it and write up the experiment. The stack overflow exists because CoolType.dll calls strcat on a font-supplied string without checking its length, copying it straight into a fixed-size buffer on the stack.
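To make the root cause concrete, here is an added example (not code from the post, and not the real CoolType.dll logic) that puts the unchecked strcat pattern next to a length-checked parser. The table layout (a 2-byte big-endian length followed by the name bytes) and the 32-byte buffer size are constructed stand-ins; the page does not describe the real SING layout or buffer size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer, standing in for the one the post says
 * CoolType.dll filled with strcat. The real size is not given on the page. */
#define NAME_BUF_SIZE 32

/* The unsafe pattern the post describes: strcat appends a font-supplied field
 * to a fixed stack buffer with no check that it fits. Shown only for contrast;
 * it is called below with a short, trusted string. */
static size_t copy_unchecked(const char *prefix, const char *name)
{
    char buf[NAME_BUF_SIZE];
    strcpy(buf, prefix);
    strcat(buf, name);   /* nothing compares strlen(prefix)+strlen(name) with sizeof buf */
    return strlen(buf);
}

/* Hardened version over a constructed table layout (not the real SING layout):
 * a 2-byte big-endian length followed by that many bytes of name data.
 * Returns 0 on success, -1 if the table is malformed or the name would not
 * fit in the caller's buffer. Every check runs before any byte is copied. */
static int parse_sing_name(const uint8_t *table, size_t table_len,
                           char *out, size_t out_size)
{
    size_t name_len;
    if (table == NULL || out == NULL || out_size == 0) return -1;
    if (table_len < 2) return -1;                       /* no length field present */
    name_len = ((size_t)table[0] << 8) | table[1];
    if (name_len > table_len - 2) return -1;            /* declared length exceeds the data present */
    if (name_len >= out_size) return -1;                /* would not fit with the NUL terminator */
    memcpy(out, table + 2, name_len);
    out[name_len] = '\0';
    return 0;
}

/* Constructed sample input: a well-formed table naming "FontA". */
static const uint8_t benign_table[] = { 0x00, 0x05, 'F', 'o', 'n', 't', 'A' };

/* Parses benign_table and reports whether the result equals `expected`. */
static int benign_name_is(const char *expected)
{
    char out[NAME_BUF_SIZE];
    if (parse_sing_name(benign_table, sizeof benign_table, out, sizeof out) != 0) return 0;
    return strcmp(out, expected) == 0;
}

/* Constructed oversized input: the length field claims 200 bytes, far more
 * than the 32-byte destination. The checked parser must refuse it. */
static int oversized_is_rejected(void)
{
    uint8_t table[2 + 200];
    char out[NAME_BUF_SIZE];
    table[0] = 0x00;
    table[1] = 200;
    memset(table + 2, 'A', 200);
    return parse_sing_name(table, sizeof table, out, sizeof out) == -1;
}

/* Constructed truncated input: the length field says 5, but only 3 bytes follow. */
static int truncated_is_rejected(void)
{
    const uint8_t table[] = { 0x00, 0x05, 'F', 'o', 'n' };
    char out[NAME_BUF_SIZE];
    return parse_sing_name(table, sizeof table, out, sizeof out) == -1;
}

int main(void)
{
    printf("unchecked copy of short input: %zu bytes\n", copy_unchecked("sing:", "FontA"));
    printf("benign table parses to FontA: %d\n", benign_name_is("FontA"));
    printf("oversized length rejected:    %d\n", oversized_is_rejected());
    printf("truncated table rejected:     %d\n", truncated_is_rejected());
    return 0;
}
```

The point of the contrast is where the length is compared: copy_unchecked trusts whatever the font says, while parse_sing_name validates the declared length both against the bytes actually present and against the destination size before it copies anything, which is the check the post says was missing.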
Setting up the lab environment
The resources used in the experiment have been packaged; download them if you need them:
Link: https://pan.baidu.com/s/19Z-sMhEv4F