MediumIBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This event detects a PDF (Portable Document Format) file containing a hex-encoded form of the "/JavaScript" action name, suggesting malicious intent to conceal the presence of JavaScript within the document.
This event detects a PDF (Portable Document Format) file containing a hex-encoded form the "/JavaScript" action name, suggesting malicious intent to conceal the presence of JavaScript within the document.
Medium
IBM Security Server Protection for Windows: 2.0.300.2380, IBM Security Server Protection for Windows: 1.0.914.2380, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network MFS: XPU 29.040, Proventia-G 1.1 and earlier: XPU 29.040, Proventia Network IDS: XPU 29.040, RealSecure Server Sensor: XPU 29.040, RealSecure Network: XPU 29.040, Proventia Desktop: 2380, Proventia Network IPS: XPU 29.040, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 29.040
PDF PDF
Suspicious Activity
A PDF file containing a JavaScript name tag that has been encoded using the PDF name-escaping mechanism has been detected. This could indicate that an attacker is attempting to evade pattern matching IDS systems and take control of a system.
This audit is for informational purposes only. Consider blocking the traffic.
ISS X-Force
PDF encoded JavaScript tag detected
http://www.iss.net/security_center/static/49763.php