MarkPearce
Aug 14, 2018 (Aspirant)
PDF Exploit
Hi,
I have started to get the following error when accessing some PDF files that have been created by us:
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /************.pdf: Pdf.Exploit.CVE...
StephenB
Aug 14, 2018 (Guru - Experienced User)
MarkPearce wrote:
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /************.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:53:13 AI-NAS clamd[6579]: ERROR: VirusEvent: fork failed.
... How do I find out what this exploit is...
Google the CVE (in this case 2018_12798). Nist.gov will give more information (https://nvd.nist.gov/vuln/detail/CVE-2018-12798), and in this case there is also an Adobe security bulletin (https://helpx.adobe.com/security/products/acrobat/apsb18-21.html).
The threat is that "Successful exploitation could lead to arbitrary code execution in the context of the current user." ClamAV is finding the vulnerability; it isn't saying it was successfully exploited.
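An added example, not part of StephenB's reply and not ClamAV's own code: a small Python script that automates the lookup described above by pulling the CVE id out of the signature name in clamd `ScanOnAccess` lines and building the NVD URL for it. The file paths in the sample log are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the clamd lines quoted in this thread
# (file paths are made up; the signature string is the one from the thread).
SAMPLE_LOG = """\
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /data/docs/report.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:53:13 AI-NAS clamd[6579]: ERROR: VirusEvent: fork failed.
Aug 14 10:55:02 AI-NAS clamd[6579]: ScanOnAccess: /data/docs/invoice.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
"""

# "<path>: <signature>(<hex digest>:<number>) FOUND"; the parenthesised part
# is matched as it appears in the thread's log line and treated as optional.
HIT_RE = re.compile(
    r"ScanOnAccess: (?P<path>.+): (?P<sig>\S+?)(?:\([0-9a-f]+:\d+\))? FOUND\s*$"
)
# The signature name embeds the CVE id with underscores: CVE_2018_12798.
CVE_RE = re.compile(r"CVE[_-](\d{4})[_-](\d{4,})", re.IGNORECASE)


def cve_from_signature(sig):
    """Return 'CVE-YYYY-NNNN' if the signature name embeds a CVE id, else None."""
    m = CVE_RE.search(sig)
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


def summarize_hits(log_text):
    """Group on-access detections by signature; other log lines are skipped."""
    hits = defaultdict(lambda: {"cve": None, "nvd_url": None, "files": []})
    for line in log_text.splitlines():
        m = HIT_RE.search(line)
        if not m:
            continue  # e.g. the "VirusEvent: fork failed" error line
        entry = hits[m.group("sig")]
        entry["files"].append(m.group("path"))
        cve = cve_from_signature(m.group("sig"))
        if cve:
            entry["cve"] = cve
            entry["nvd_url"] = f"https://nvd.nist.gov/vuln/detail/{cve}"
    return dict(hits)


if __name__ == "__main__":
    for sig, info in summarize_hits(SAMPLE_LOG).items():
        print(sig, info["cve"], info["nvd_url"], info["files"])
```

On a real system the input would be the clamd lines from `journalctl` rather than the embedded sample.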
MarkPearce
Aug 14, 2018 (Aspirant)
Thank you. I was making my search too concise so hadn't found it. Looks like it is client-based, so need to find out which of my colleagues is using an older version of Acrobat, as it seems to not pop up with the error in journalctl when I access the same files.