Check Point Advisories

FDF Files Containing Timed JavaScript (CVE-2009-3956)

Check Point Reference: SBP-2010-04
Date Published: 12 Jan 2010
Severity: N/A
Last Updated: Tuesday 12 January, 2010
Industry Reference: CVE-2009-3956
Protection Provided by:

Security Gateway
R81, R80, R77, R75, R71, R70

Who is Vulnerable?

Vulnerability Description

FDF (Forms Data Format) is a file format used to represent the form data and annotations contained in a PDF form. When Acrobat loads an FDF file, it performs no check that the target PDF into which the FDF data is to be imported resides on the same domain the FDF was loaded from. A remote attacker may exploit this by hosting a malicious FDF file that initiates loading of a PDF document from the target domain and then injects script, which is executed as if it had been loaded from within the target PDF's domain. Successful exploitation therefore allows the attacker to inject JavaScript into a PDF file from any domain on the Internet. There are also cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may carry shellcode that is undetectable by IPS.

Protection Overview

This protection detects and blocks attempts to transfer FDF files that contain JavaScript over HTTP.
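The two checks described above (an FDF file carrying JavaScript, and an FDF whose target PDF lives on a different domain than the one the FDF was served from) can be illustrated with a small inspection routine. The code below is an added example written for this page; it is not Check Point's signature and not code from the advisory. It assumes only the public FDF structure (a `%FDF-` header, a `/JavaScript` dictionary, and an `/F` string file specification naming the target PDF) and the `application/vnd.fdf` media type; the sample bodies, host names and finding labels are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a benign FDF body served from one host that names a
# target PDF on another host and carries a /JavaScript dictionary.
SAMPLE_FDF = b"""%FDF-1.2
1 0 obj
<< /FDF << /F (http://forms.example.org/order.pdf)
           /JavaScript << /Before (app.alert('constructed sample');) >>
           /Fields [ << /T (name) /V (test) >> ] >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Constructed sample: plain form data, no script and no target file.
SAMPLE_CLEAN = b"""%FDF-1.2
1 0 obj
<< /FDF << /Fields [ << /T (name) /V (test) >> ] >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# /JavaScript is the FDF-level script dictionary; /JS is the key used by
# JavaScript actions inside annotations and fields.
JS_KEYS = re.compile(rb"/(JavaScript|JS)\b")
# /F (string) is the file specification of the PDF the FDF applies to.
# Only the literal-string form is handled here (assumption for this example).
TARGET_FILE = re.compile(rb"/F\s*\(([^)]*)\)")


def is_fdf(content_type, body):
    """True when the response declares itself FDF or starts with the FDF header."""
    declared = content_type.lower().split(";")[0].strip() == "application/vnd.fdf"
    return declared or body.lstrip().startswith(b"%FDF-")


def inspect_fdf_response(url, content_type, body):
    """Return finding labels for one HTTP response (constructed labels).

    url          -- the URL the FDF was fetched from
    content_type -- the response Content-Type header
    body         -- the raw response body
    """
    findings = []
    if not is_fdf(content_type, body):
        return findings

    # Finding 1: the FDF carries JavaScript at all.
    if JS_KEYS.search(body):
        findings.append("fdf-javascript")

    # Finding 2: the target PDF is hosted on a different domain than the FDF.
    # This is the origin check the advisory says Acrobat does not perform.
    match = TARGET_FILE.search(body)
    if match:
        target = match.group(1).decode("latin-1")
        target_host = urlparse(target).hostname
        source_host = urlparse(url).hostname
        if target_host and source_host and target_host.lower() != source_host.lower():
            findings.append("fdf-cross-domain-target")
    return findings


def should_block(findings):
    """Block policy mirroring the protection text: any scripted FDF is dropped."""
    return "fdf-javascript" in findings


if __name__ == "__main__":
    src = "http://downloads.example.net/form.fdf"
    result = inspect_fdf_response(src, "application/vnd.fdf", SAMPLE_FDF)
    print(result, "block" if should_block(result) else "allow")
```

Inspecting the body rather than trusting the Content-Type alone matters here: a server can label an FDF as `application/octet-stream`, so the `%FDF-` header check keeps the rule from being bypassed by a mislabelled response.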

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections, find the FDF Files Containing Timed JavaScript protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Adobe Reader Violation.
Attack Information:  FDF File containing timed JavaScript
