[Qemu-discuss] Divergent behavior in Adobe Reader in QEMU


From: Bob G
Subject: [Qemu-discuss] Divergent behavior in Adobe Reader in QEMU
Date: Mon, 4 Feb 2013 13:05:10 -0500

Hi,
   I'm trying to get some insight into an exploit in Adobe Reader that I took from Metasploit.  First off, I'm pretty new at this, but would appreciate the help.  I'm investigating various options for doing so, but when I tried QEMU, the exploit did not work.  I've taken the following steps:

1.  Generated the windows/fileformat/adobe_jbig2decode exploit with a payload that launches calc.exe
2.  Created a new Windows XP SP3 VM using no special options, using all the defaults in the Win XP install process
3.  Installed Adobe Reader 8.1.1 from the msi on their ftp site
4.  Copied the exploit PDF to the desktop of the guest
5.  Double-clicked the exploit file to launch Adobe

I've tried three virtualization products.  I get success (calc.exe) on VMware and VirtualBox, but on QEMU Adobe just crashes.  I'm of course trying to figure out why this is, since I wouldn't think the difference in loaded drivers would mean anything to the layout of user-space memory, but in the meantime I'm wondering if anyone else has had similar experiences.

As an aside, I have the same kind of problem (no success, crash instead) when running different debuggers too, which makes this an especially tough problem to get a handle on.

So, anyone have any ideas / suggestions / similar experiences?

TL;DR: 
n00b reverser here.  I ran the util_printf Adobe Reader 8.1.1 exploit from Metasploit in a Win XP SP3 guest in QEMU and it didn't work.  It works in a VMware guest and a VirtualBox guest.  Any ideas as to why that might be?
