FILE-PDF -- Snort has detected suspicious traffic related to a PDF file. PDFs are easily exploitable. They include many ways to encapsulate data and are often targeted by attackers, who use the PDF's household name status for social engineering. Therefore, Snort includes Many PDF-targeted rules.
FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt
This rule looks for nested Adobe XML XFA subforms that are used for exploiting use-after vulnerabilities in Adobe Acrobat and Reader products.
This rule fires on nested Adobe XML XFA subforms that are used for exploiting use-after vulnerabilities in Adobe Acrobat and Reader products.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Use After Free
Use After Free (UAF) attacks target computer memory flaws to corrupt the memory execute code. The name refers to attempts to use memory after it has been freed, which can cause a program to crash under normal circumstances, or result in remote code execution in a successful attack.
CVE-2017-2951 |
Loading description
|
CVE-2017-3034 |
Loading description
|
CVE-2017-3120 |
Loading description
|
Tactic: Impact
Technique: Application or System Exploitation
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org