TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
732
URL for a PDF file that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target
user's Firefox browser.The code will originate from the target site hosting the PDF file and will run in the security
context of that site.As a result, the code will be able to access the target user's cookies (including authentication
cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.The Adobe Reader plugins for Microsoft Internet Explorer, Mozilla
Firefox, and Opera browsers are affected.Adobe Acrobat Standard, Acrobat Professional, Acrobat Elements, and
Adobe Acrobat 3D are also affected when used with certain browsers.The vendor has issued fixed versions of Adobe
Reader (7.0.9, 8.0.0). This signature triggers when packet has pattern '.pdf#FDF=res://'
Signature ID: 32571
Adobe Acrobat Reader Plugin-UXSS in #XML field
Threat Level: Severe
Industry ID: CVE-2007-0045 CVE-2007-0046 CVE-2007-0044 Bugtraq: 21858
Signature Description: A remote user could exploit this vulnerability using the XML parameter in a specially-crafted
URL for a PDF file that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target
user's Firefox browser.The code will originate from the target site hosting the PDF file and will run in the security
context of that site.As a result, the code will be able to access the target user's cookies (including authentication
cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.The Adobe Reader plugins for Microsoft Internet Explorer, Mozilla
Firefox, and Opera browsers are affected.Adobe Acrobat Standard, Acrobat Professional, Acrobat Elements, and
Adobe Acrobat 3D are also affected when used with certain browsers.The vendor has issued fixed versions of Adobe
Reader (7.0.9, 8.0.0).
Signature ID: 32572
Adobe Acrobat Reader Plugin-UXSS in #XFDF field
Threat Level: Severe
Industry ID: CVE-2007-0045 CVE-2007-0044 Bugtraq: 21858
Signature Description: A remote user could exploit this vulnerability using the XFDF parameter in a specially-crafted
URL for a PDF file that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target
user's Firefox browser.The code will originate from the target site hosting the PDF file and will run in the security
context of that site.As a result, the code will be able to access the target user's cookies (including authentication
cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.The Adobe Reader plugins for Microsoft Internet Explorer, Mozilla
Firefox, and Opera browsers are affected.Adobe Acrobat Standard, Acrobat Professional, Acrobat Elements, and
Adobe Acrobat 3D are also affected when used with certain browsers.The vendor has issued fixed versions of Adobe
Reader (7.0.9, 8.0.0).
Signature ID: 32573
Adobe Acrobat Reader Plugin-Possible Remote Code Execution through #FDF field
Threat Level: Severe
Industry ID: CVE-2007-0046 CVE-2007-0044 Bugtraq: 21858
Signature Description: A remote user could exploit this vulnerability using the FDF parameter in a specially-crafted
URL for a PDF file that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target
user's Firefox browser.The code will originate from the target site hosting the PDF file and will run in the security
context of that site.As a result, the code will be able to access the target user's cookies (including authentication
cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.The Adobe Reader plugins for Microsoft Internet Explorer, Mozilla
Firefox, and Opera browsers are affected.Adobe Acrobat Standard, Acrobat Professional, Acrobat Elements, and
Adobe Acrobat 3D are also affected when used with certain browsers.The vendor has issued fixed versions of Adobe
Reader (7.0.9, 8.0.0). This signature triggers when packet has pattern '.pdf#FDF=<script>' .