I'm trying to get some insight into an exploit in Adobe Reader that I took from Metasploit. First off, I'm pretty new at this, but would appreciate the help. I'm investigating various options for doing so, but when I tried QEMU, the exploit did not work. I've taken the following steps:
1. Generated the windows/fileformat/adobe_jbig2decode exploit with a payload that launches calc.exe
2. Created a new Windows XP SP3 VM using no special options, using all the defaults in the Win XP install process
3. Installed Adobe Reader 8.1.1 from the msi on their ftp site
4. Copied the exploit PDF to the desktop of the guest
5. Double-clicked the exploit file to launch Adobe
I've tried three virtualization products. I get success (calc.exe) on VMWare and Virtualbox, but on QEMU Adobe just crashes. I'm of course trying to figure out why this is, since I wouldn't think the difference in loaded dirvers would mean anything to the layout of user-space memory, but in the meantime I'm wondering if anyone else has had similar experiences.
As an aside, I have the same kind of problem (no success, crash instead) when running different debuggers too, which makes this an especially tough problem to get a handle on.