Vulnerable Adobe Plugin Detection For UXSS PoC

Publicated on : 1180719543
Alex and I where e-mailing back and forth, and he had some interesting ideas to try to detect a vulnerable plugin version of Adobe. Older versions are vulnerable to UXSS. Which is a very nasty flaw. While UXSS is ebbing away in our minds, many people still run older versions of the Adobe PDF plugin and don't upgrade or never heard about UXSS. So there is a huge landscape of vulnerable PC's.

In any case it is preferred to have intelligence about the users system. To launch an attack - against every browser - just makes too much noise in some cases where you don't want it too. So Alex made this script to detect if you have a vulnerable version of the Adobe PDF plugin. Like a thief in the night it gathers intelligence. Another two edged sword to use: show your peers the risks of UXSS, and possible malicious use.

Nice idea Alex.

Launch PoC: click here to launch