This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in ATSServer through Quicklook/Safari/Apple Mail/Preview, which allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. The module will send an e-mail with an attached .pdf file. This file will deploy an agent when opened by the user. Additionally, the module will allow users to download the malformed .pdf file from Core Impact's Web Server. Also, this module can drop a specially crafted PDF file in a local folder of the user's choice. This file can later be placed in a shared folder. Exploitation will occur in the first case just by visiting the folder in which the file is stored.
CVE Link
Exploit Platform
Exploit Type
Product Name