PDF JavaScript detected (PDF_JavaScript_Detected)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This is an Audit event. It is not indicative of an attack.

This signature triggers when a PDF document containing embedded JavaScript is detected.

This is an Audit event. It is not indicative of an attack.<p>This signature triggers when a PDF document containing embedded JavaScript is detected.

This is an Audit event. It is not indicative of an attack.

This signature triggers when a PDF document containing embedded JavaScript is detected.

False positives

Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: None.

False negatives

Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology: None.

Default risk level

Low risk vulnerability  Low

Sensors that have this signature

Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, RealSecure Server Sensor: XPU 28.020, RealSecure Network: XPU 28.020, BlackICE Server Protection: 3.6.cqv, BlackICE PC Protection: 3.6cqv, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network IDS: XPU 28.020, IBM Security Server Protection for Windows: 2.0.252.2160, IBM Security Server Protection for Windows: 1.0.914.2160, Proventia Network MFS: XPU 28.020, IBM Security Server Protection for Windows: 2.1.14.2400, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 28.020

Systems affected

Adobe Acrobat Reader

Type

Protocol Signature

Vulnerability description

A .pdf file containing JavaScript has been detected. By persuading a victim to open a specially-crafted PDF document, an attacker could be attempting to execute arbitrary code on the system.

How to remove this vulnerability

This audit is for informational purposes only.

References

Adobe Web site
Adobe Acrobat Reader
http://get.adobe.com/reader/

ISS X-Force
PDF JavaScript detected
http://www.iss.net/security_center/static/40406.php