PDF JavaScript detected (PDF_JavaScript_Detected)

About this signature or vulnerability

BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Desktop, Proventia Network IDS, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology:

This is an Audit event. It is not indicative of an attack.<p>This signature triggers when a PDF document containing embedded JavaScript is detected.


False positives

BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Desktop, Proventia Network IDS, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology: None.

False negatives

BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Desktop, Proventia Network IDS, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology: None.

Default risk level

Low risk vulnerability  Low

Sensors that have this signature

BlackICE PC Protection: 3.6cqv, BlackICE Server Protection: 3.6.cqv, Proventia Server IPS for Microsoft Windows technology: 2.0.252.2160, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2160, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network MFS: XPU 28.020, Proventia Desktop: 2160, Proventia Network IDS: XPU 28.020, Proventia Network IPS: XPU 28.020, RealSecure Server Sensor: XPU 28.020, RealSecure Network: XPU 28.020, Proventia Server IPS for Linux technology: 28.020

Systems affected

Adobe Acrobat Reader

Type

Protocol Signature

Vulnerability description

A .pdf file containing JavaScript has been detected. By persuading a victim to open a specially-crafted PDF document, an attacker could be attempting to execute arbitrary code on the system.

How to remove this vulnerability

This audit is for informational purposes only.

References

ISS X-Force
PDF JavaScript detected
http://www.iss.net/security_center/static/40406.php