PDF JavaScript detected (PDF_JavaScript_Detected)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This is an Audit event. It is not indicative of an attack.<p>This signature triggers when a PDF document containing embedded JavaScript is detected.

This is an Audit event. It is not indicative of an attack.

This signature triggers when a PDF document containing embedded JavaScript is detected.

This is an Audit event. It is not indicative of an attack.

This signature triggers when a PDF document containing embedded JavaScript is detected.


False positives

IBM Security Server Protection for Windows, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: None.

False negatives

IBM Security Server Protection for Windows, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: None.

Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Server Protection for Windows: 1.0.914.2160, IBM Security Server Protection for Windows: 2.0.252.2160, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 28.020, Proventia Network MFS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, RealSecure Server Sensor: XPU 28.020, RealSecure Network: XPU 28.020, BlackICE Server Protection: 3.6.cqv, BlackICE PC Protection: 3.6cqv, Proventia Desktop: 2160, Proventia Network IPS: XPU 28.020, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 28.020

Systems affected

Adobe Acrobat Reader

Type

Protocol Signature

Vulnerability description

A .pdf file containing JavaScript has been detected. By persuading a victim to open a specially-crafted PDF document, an attacker could be attempting to execute arbitrary code on the system.

How to remove this vulnerability

This audit is for informational purposes only.

References

Adobe Web site
Adobe Acrobat Reader
http://get.adobe.com/reader/

ISS X-Force
PDF JavaScript detected
http://www.iss.net/security_center/static/40406.php