This group of signatures uses multiple heuristic methods to detect malicious Portable Document Format (PDF) files.
malicious-pdf (50690)
Description:
Many malicious PDFs are detected by the Proventia IPS (Intrusion Prevention System) module, also known as PAM, the Protocol Analysis Module. Proventia IPS has heuristic detections that look for shellcode, suspicious JavaScript, obfuscation, or a combination of those techniques typically employed by attackers in malicious PDFs. Although many vulnerabilities in PDF parsers are also covered by specific IPS signatures, exploits for PDF parser vulnerabilities are often detected by this group of heuristic IPS signatures. For more details about the signatures in this group, see References.
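The following is an added example, not Proventia's signature logic or IBM's code: a minimal triage heuristic in the same spirit, which flags script-related PDF name objects, names hidden behind `#xx` hex escapes, and cascaded stream filters. The keyword sets, the `combined` rule and both sample documents are assumptions constructed for illustration.

```python
import re

# Illustrative keyword sets (an assumption, not the IPS signature set).
SCRIPT_NAMES = {"/JS", "/JavaScript"}
TRIGGER_NAMES = {"/OpenAction", "/AA", "/Launch"}
NAME_RE = re.compile(rb"/(?:[^\s/<>\[\]()%{}#]|#[0-9A-Fa-f]{2})+")
STREAM_RE = re.compile(rb"stream\r?\n.*?endstream", re.S)
FILTER_ARRAY_RE = re.compile(rb"/Filter\s*\[([^\]]*)\]")

def decode_name(raw: bytes) -> str:
    """Resolve #xx hex escapes, so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(data: bytes) -> dict:
    body = STREAM_RE.sub(b"", data)  # inspect object dictionaries, not stream payloads
    report = {"names": {}, "escaped": [], "filter_chains": 0}
    for raw in NAME_RE.findall(body):
        name = decode_name(raw)
        if name in SCRIPT_NAMES | TRIGGER_NAMES:
            report["names"][name] = report["names"].get(name, 0) + 1
            if b"#" in raw:  # keyword was written with hex escapes
                report["escaped"].append(raw.decode("latin-1"))
    for m in FILTER_ARRAY_RE.finditer(body):
        if len(NAME_RE.findall(m.group(1))) >= 2:  # two or more cascaded filters
            report["filter_chains"] += 1
    has_script = any(n in SCRIPT_NAMES for n in report["names"])
    # Assumed rule: script plus at least one of escape, filter chain, auto-run trigger.
    report["combined"] = has_script and bool(
        report["escaped"] or report["filter_chains"]
        or any(n in TRIGGER_NAMES for n in report["names"]))
    return report

# Constructed samples: inert object skeletons, no script or payload content.
SUSPECT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
           b"2 0 obj\n<< /S /J#61vaScript /J#53 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /Length 4 /Filter [ /ASCIIHexDecode /FlateDecode ] >>\n"
           b"stream\nAAAA\nendstream\nendobj\n%%EOF\n")
BENIGN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Length 5 /Filter /FlateDecode >>\n"
          b"stream\n/JS 1\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(sample))
```

A match is a reason to inspect the file more closely, not a verdict: legitimate forms use JavaScript, and this sketch does not look inside compressed object streams.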
Consequences:
Gain Access
Remedy:
The signatures associated with this group generically detect exploits for many vulnerabilities. Removal instructions will vary from vulnerability to vulnerability. In general, keeping software current with the latest update will help avoid vulnerabilities. These signatures can help keep you protected against vulnerabilities that are not yet public or those that have no available patch.
References:
- Proventia IPS Signature: PDF obfuscated stream detected.
- Proventia IPS Signature: PDF javascript exploit.
Platforms Affected:
- Any PDF viewer or editor
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com
