HTTP: Adobe PDF Function Obfuscation
This signature detects PDF files that have been obfuscated in order to evade attack detection by anti-virus or by an IPS device. Detections on this signature can indicate that an attacker is trying to exploit a vulnerability in a victim's system.
Extended Description
Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions.
Affected Products
Red_hat enterprise_linux_as_extras
References
CVE: CVE-2010-0188
URL: http://www.adobe.com/support/security/advisories/apsa09-07.html http://sites.google.com/site/felipeandresmanzano/ http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.adobe.com/support/security/bulletins/apsb10-07.html http://secunia.com/blog/76/ http://bugix-security.blogspot.com/2010/03/adobe-pdf-libtiff-working-exploitcve.html http://www.adobe.com/support/security/advisories/apsa10-01.html http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/ http://www.adobe.com/support/security/bulletins/apsb10-02.html http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
Short Name
HTTP:STC:ADOBE:PDF-OBFUSCATION
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2008-2992 CVE-2009-2990 CVE-2009-4324 CVE-2010-0188 CVE-2010-1297 CVE-2010-2883 Function Obfuscation PDF bid:36665 bid:38195 bid:40586
Release Date
12/16/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Red_hat
Suse
Adobe
Gentoo
CVSS Score
9.3