Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ADOBE:PDF-OBFUSCATION |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe PDF Function Obfuscation |
Release Date |
2009/12/16 |
Update Number |
1445 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Adobe PDF Function Obfuscation
This signature detects PDF files that have been obfuscated in order to evade attack detection by anti-virus or by an IPS device. Detections on this signature can indicate that an attacker is trying to exploit a vulnerability in a victim's system.
Extended Description
Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions.
Affected Products
- Adobe acrobat 6.0.1
- Adobe acrobat 7.0.9
- Adobe acrobat 9.1.1
- Adobe acrobat 9.2
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 8.1.7
- Adobe acrobat_professional 9
- Adobe acrobat_professional 9.1
- Adobe acrobat_professional 9.1.2
- Adobe acrobat_professional 9.1.3
- Adobe acrobat_professional 9.2
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 8.1.7
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe acrobat_standard 9.2
- Adobe reader 6.0.1
- Adobe reader 7.0.9
- Adobe reader 8.0
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 8.1.7
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Adobe reader 9.2
- Gentoo linux
- Red_hat desktop_extras 3
- Red_hat desktop_extras 4
- Red_hat enterprise_linux_as_extras 3
- Red_hat enterprise_linux_as_extras 4
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Red_hat enterprise_linux_es_extras 3
- Red_hat enterprise_linux_es_extras 4
- Red_hat enterprise_linux_extras 3
- Red_hat enterprise_linux_extras 4
- Red_hat enterprise_linux_supplementary 5 Server
- Red_hat enterprise_linux_ws_extras 3
- Red_hat enterprise_linux_ws_extras 4
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse suse_linux_enterprise 10 SP2
- Suse suse_linux_enterprise 10 SP3
- Suse suse_linux_enterprise_desktop 11
References
- BugTraq: 40586
- BugTraq: 38195
- BugTraq: 36665
- CVE: CVE-2010-0188
- CVE: CVE-2009-4324
- CVE: CVE-2010-2883
- CVE: CVE-2010-1297
- CVE: CVE-2008-2992
- CVE: CVE-2009-2990
- URL: http://bugix-security.blogspot.com/2010/03/adobe-pdf-libtiff-working-exploitcve.html
- URL: http://sites.google.com/site/felipeandresmanzano/
- URL: http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
- URL: http://www.adobe.com/support/security/advisories/apsa10-01.html
- URL: http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/
- URL: http://www.adobe.com/support/security/advisories/apsa09-07.html
- URL: http://www.adobe.com/support/security/bulletins/apsb10-02.html
- URL: http://www.adobe.com/support/security/bulletins/apsb09-15.html
- URL: http://www.adobe.com/support/security/bulletins/apsb10-07.html
- URL: http://secunia.com/blog/76/