FILE-PDF -- Snort has detected suspicious traffic related to a PDF file. PDFs are easily exploitable. They include many ways to encapsulate data and are often targeted by attackers, who use the PDF's household name status for social engineering. Therefore, Snort includes Many PDF-targeted rules.
FILE-PDF Multiple products ComboBox field Format action use-after-free attempt
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114.
This rule detects the attempted download of a PDF file containing malicious JS used to trigger a use-after-free vulnerability in Adobe Reader and Acrobat.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
Use After Free
Use After Free (UAF) attacks target computer memory flaws to corrupt the memory execute code. The name refers to attempts to use memory after it has been freed, which can cause a program to crash under normal circumstances, or result in remote code execution in a successful attack.
CVE-2015-5113 |
Loading description
|
CVE-2015-4448 |
Loading description
|
CVE-2024-25648 |
Loading description
|
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
