HighProventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This event triggers on the network transfer of a PDF (Portable Document Format) file with incorrectly formatted stream data that appears to be an attempt to evade anti-virus and intrusion-detection software.
High
Proventia Network IPS: XPU 29.121, Proventia Desktop: 2465, RealSecure Network: XPU 29.121, RealSecure Server Sensor: XPU 29.121, Proventia-G 1.1 and earlier: XPU 29.121, Proventia Network IDS: XPU 29.121, Proventia Network MFS: XPU 29.121, IBM Security Server Protection for Windows: 2.1.14.2465, IBM Security Server Protection for Windows: 1.0.914.2465, IBM Security Server Protection for Windows: 2.0.300.2465, Proventia Server IPS for Linux technology: 29.121, Virtual Server Protection for Vmware: XPU 29.121
Adobe Acrobat, Adobe Acrobat: 3.0j, Adobe Acrobat: 4.0j, Adobe Acrobat: 4.05j, Adobe Acrobat: 7.0, Adobe Acrobat: 7.0.1, Adobe Acrobat: 8.0, Adobe Acrobat: 3.0, Adobe Acrobat: 3.1, Adobe Acrobat: 4.0, Adobe Acrobat: 4.0.5, Adobe Acrobat: 4.0.5A, Adobe Acrobat: 4.0.5C, Adobe Acrobat: 5.0, Adobe Acrobat: 5.0.10, Adobe Acrobat: 5.0.5, Adobe Acrobat: 5.0.6, Adobe Acrobat: 6.0, Adobe Acrobat: 6.0.1, Adobe Acrobat: 6.0.2, Adobe Acrobat: 6.0.3, Adobe Acrobat: 6.0.4, Adobe Acrobat: 6.0.5, Adobe Acrobat: 7.0.2, Adobe Acrobat: 7.0.3, Adobe Acrobat: 7.0.4, Adobe Acrobat: 7.0.5, Adobe Acrobat: 7.0.6, Adobe Acrobat: 7.0.7, Adobe Acrobat: 7.0.8, Adobe Acrobat: 7.0.9, Adobe Acrobat: 8.0.0, Adobe Acrobat: 8.1, Adobe Acrobat: 8.1.1, Adobe Acrobat: 7.0 Standard, Adobe Acrobat: 7.0 Professional, Adobe Acrobat: 7.0.1 Standard, Adobe Acrobat: 7.0.1 Professional, Adobe Acrobat: 7.0.2 Standard, Adobe Acrobat: 7.0.2 Professional, Adobe Acrobat: 7.0.3 Standard, Adobe Acrobat: 7.0.3 Professional, Adobe Acrobat: 7.0.4 Standard, Adobe Acrobat: 7.0.4 Professional, Adobe Acrobat: 7.0.5 Standard, Adobe Acrobat: 7.0.5 Professional, Adobe Acrobat: 7.0.6 Standard, Adobe Acrobat: 7.0.6 Professional, Adobe Acrobat: 7.0.7 Standard, Adobe Acrobat: 7.0.7 Professional, Adobe Acrobat: 7.0.8 Standard, Adobe Acrobat: 7.0.8 Professional, Adobe Acrobat: 7.0.9 Standard, Adobe Acrobat: 7.0.9 Professional, Adobe Acrobat: 8.0 Standard, Adobe Acrobat: 8.1 Standard, Adobe Acrobat: 8.1.1 Standard, Adobe Acrobat: 8.1.2 Standard, Adobe Acrobat: 8.0 Professional, Adobe Acrobat: 8.1 Professional, Adobe Acrobat: 8.1.1 Professional, Adobe Acrobat: 8.1.2 Professional, Adobe Acrobat: 9, Adobe Acrobat: 8.1.2, Adobe Acrobat: 9.0 Professional, Adobe Acrobat: 9.0 Professional Extended, Adobe Acrobat: 9.0 Standard, Adobe Reader: 7.0.1, Adobe Reader: 7.0.2, Adobe Reader: 7.0.3, Adobe Reader: 7.0.5, Adobe Reader: 7.0.7, Adobe Reader: 7.0.8, Adobe Reader: 7.0.9, Adobe Reader: 8.1.1, Adobe Acrobat: 9.0, Adobe Reader: 9.0, Adobe Acrobat: 7.1.0, Adobe Reader: 7.1.0, Adobe Reader: 8.1.2, Adobe Reader: 7.1.1, Adobe Reader: 8.1.4, Adobe Reader: 9.1, Adobe Acrobat: 9.1, Adobe Reader: 9.1.1, Adobe Acrobat: 9.1.1, Adobe Acrobat: 7.0.8 Elements, Adobe Acrobat: 7.1, Adobe Acrobat: 7.1.1, Adobe Acrobat: 9.0.0, Adobe Acrobat: 8.1.3, Adobe Acrobat: 8.1.4, Adobe Acrobat: 8.1.4 Standard, Adobe Acrobat: 8.1.3 Standard, Adobe Acrobat: 7.1.1 Standard, Adobe Acrobat: 9.1 Standard, Adobe Acrobat: 7.1 Standard, Adobe Acrobat: 8.1.2 Security Update Professional, Adobe Acrobat: 8.1.3 Professional, Adobe Acrobat: 8.1.4 Professional, Adobe Acrobat: 7.1 Professional, Adobe Acrobat: 9.1.2, Adobe Reader: 9.1.2, Adobe Acrobat: 9.1.3, Adobe Acrobat: 7.1.3, Adobe Acrobat: 8.1.6, Adobe Reader: 3.0, Adobe Reader: 4.0, Adobe Reader: 4.0.5, Adobe Reader: 4.0.5A, Adobe Reader: 4.0.5C, Adobe Reader: 4.5, Adobe Reader: 5.0, Adobe Reader: 5.0.10, Adobe Reader: 5.0.11, Adobe Reader: 5.0.5, Adobe Reader: 6.0, Adobe Reader: 5.1, Adobe Reader: 5.0.9, Adobe Reader: 5.0.7, Adobe Reader: 5.0.6, Adobe Reader: 6.0.5, Adobe Reader: 6.0.4, Adobe Reader: 6.0.3, Adobe Reader: 6.0.2, Adobe Reader: 6.0.1, Adobe Reader: 7.1.3, Adobe Reader: 9.1.3, Adobe Reader: 8.1.6
Unauthorized Access Attempt
This event triggers on the network transfer of a PDF (Portable Document Format) file with incorrectly formatted stream data that appears to be an attempt to evade anti-virus and intrusion-detection software.
Block traffic, install patches if available.
ISS X-Force
PDF stream detected
http://www.iss.net/security_center/static/54796.php