Rule Category

FILE-PDF -- Snort has detected suspicious traffic related to a PDF file. PDFs are easily exploitable. They include many ways to encapsulate data and are often targeted by attackers, who use the PDF's household name status for social engineering. Therefore, Snort includes Many PDF-targeted rules.

Alert Message

FILE-PDF Adobe Acrobat Pro XSLT out-of-bounds read attempt

Rule Explanation

This event is generated when an attacker attempts to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader. Impact: Attempted User Privilege Gain Details: Rule checks for attempts to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2018-16023
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Details
Severity Base Score6.5
Impact Score3.6 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Access Vector
Authentication Ease of Access
CVE-2018-16024
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Details
Severity Base Score6.5
Impact Score3.6 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Access Vector
Authentication Ease of Access