HTTP: PDF File with Obfuscated Javascript
This signature detects PDF files containing JavaScript code that has been obfuscated. This is a technique frequently used by malicious PDFs to avoid detection.
Extended Description
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Affected Products
Adobe acrobat_reader
References
CVE: CVE-2013-3346
URL: http://en.wikipedia.org/wiki/Portable_Document_Format http://www.adobe.com/support/security/advisories/apsa10-05.html http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/ http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/
Short Name
HTTP:STC:ADOBE:PDF-JS-HIDE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-4324 CVE-2013-3346 File Javascript Obfuscated PDF bid:37331 bid:44504 with
Release Date
10/06/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Adobe
CVSS Score
9.3
10.0