Signature Detail

Short Name	APP:IBM:FORMVIEWER-XFDL-BOF
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	IBM Forms Viewer XFDL Form Fontname Tag Parsing Buffer Overflow
Release Date	2014/01/08
Update Number	2332
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: IBM Forms Viewer XFDL Form Fontname Tag Parsing Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the IBM Forms Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Extended Description

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.

Affected Products

ibm forms_viewer 4.0.0
ibm forms_viewer 4.0.0.1
ibm forms_viewer 4.0.0.2
ibm forms_viewer 8.0.0
ibm forms_viewer 8.0.1

References

CVE: CVE-2013-5447

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: IBM Forms Viewer XFDL Form Fontname Tag Parsing Buffer Overflow

Extended Description

Affected Products

References