MediumProventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This event indicates the network transfer of a PDF (Portable Document Format) file containing an embedded action to launch an executable program. Typical PDF clients (Adobe Reader) ask for user confirmation before actually launching the application, but certain versions of FoxIt reader do not and merely start the application without user confirmation.
This signature detects the network transfer of a PDF (Portable Document Format) file containing an embedded action to Launch an executable program. Typical PDF clients (Adobe Reader) ask for user confirmation before actually launching the application, but certain versions of FoxIt reader do not and merely start the application without user confirmation.
Medium
Proventia Network IPS: XPU 30.041, Proventia Desktop: 2505, RealSecure Server Sensor: XPU 30.041, RealSecure Network: XPU 30.041, Proventia-G 1.1 and earlier: XPU 30.041, Proventia Network IDS: XPU 30.041, Proventia Network MFS: XPU 30.041, IBM Security Server Protection for Windows: 2.0.300.2505, IBM Security Server Protection for Windows: 2.1.14.2505, Virtual Server Protection for Vmware: XPU 30.041, Proventia Server IPS for Linux technology: 30.041
PDF PDF
Unauthorized Access Attempt
A PDF file has been detected attempting to launch a program from within the document.
No remedy available as of December 4, 2010.
ISS X-Force
A program is being launched from within a PDF
http://www.iss.net/security_center/static/57807.php