Re: PDF Exploit
Hi,
I have started to get the following error when accessing some PDF files that have been created by us:
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /************.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:53:13 AI-NAS clamd[6579]: ERROR: VirusEvent: fork failed.
How do I find out what this exploit is so that I can stop the error or make changes to the PDF files? (We create interactive PDFs for people to use, which include the addition of buttons/links etc. within the PDF file.)
Accepted Solutions
@MarkPearce wrote:
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /************.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:53:13 AI-NAS clamd[6579]: ERROR: VirusEvent: fork failed.
... How do I find out what this exploit is...
Google the CVE (in this case 2018_12798). Nist.gov will give more information ( https://nvd.nist.gov/vuln/detail/CVE-2018-12798 ), and in this case there is also an Adobe security bulletin ( https://helpx.adobe.com/security/products/acrobat/apsb18-21.html ).
The threat is that "Successful exploitation could lead to arbitrary code execution in the context of the current user." ClamAV is finding the vulnerability; it isn't saying it was successfully exploited.
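The lookup described in the answer above, as an added example that is not part of the original post or of ClamAV: it parses clamd FOUND lines in the format quoted in this thread, pulls the CVE ID out of the signature name, builds the NVD link, and groups hits per signature for cases with many alerts. The sample log, its file paths and the second signature name are constructed for illustration.

```python
import re
from collections import defaultdict

NVD_URL = "https://nvd.nist.gov/vuln/detail/{}"  # URL form used in the answer above

# Constructed sample modelled on the clamd lines quoted in the thread.
# File paths are placeholders; the last line (and its signature name) is made up
# to show a path containing ": " and a signature with no CVE in its name.
SAMPLE_LOG = """\
Aug 14 10:53:13 AI-NAS clamd[6579]: ScanOnAccess: /data/docs/form-a.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:53:13 AI-NAS clamd[6579]: ERROR: VirusEvent: fork failed.
Aug 14 10:54:02 AI-NAS clamd[6579]: ScanOnAccess: /data/docs/form-a.pdf: Pdf.Exploit.CVE_2018_12798-6633682-0(00b60906f9c35e6bb064020fab67804d:1329806) FOUND
Aug 14 10:55:40 AI-NAS clamd[6579]: ScanOnAccess: /data/docs/notes: v2.pdf: Example.Test.Signature-1 FOUND
"""

# The path group is greedy so a ": " inside a file name stays part of the path;
# the "(hash:size)" suffix after the signature name is optional.
FOUND_RE = re.compile(
    r"ScanOnAccess: (?P<path>.+): (?P<sig>\S+?)"
    r"(?:\((?P<hash>[0-9a-fA-F]+):(?P<size>\d+)\))? FOUND$"
)
CVE_RE = re.compile(r"CVE[_-](\d{4})[_-](\d{4,})", re.IGNORECASE)


def cve_from_signature(sig):
    """Return 'CVE-YYYY-NNNN' if the signature name embeds one, else None."""
    m = CVE_RE.search(sig)
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


def summarize(log_text):
    """Group FOUND detections by signature: hit count, files, CVE and NVD link."""
    report = defaultdict(lambda: {"hits": 0, "files": set(), "cve": None, "url": None})
    for line in log_text.splitlines():
        m = FOUND_RE.search(line.strip())
        if not m:
            continue  # e.g. the "VirusEvent: fork failed" line is not a detection
        entry = report[m.group("sig")]
        entry["hits"] += 1
        entry["files"].add(m.group("path"))
        cve = cve_from_signature(m.group("sig"))
        if cve:
            entry["cve"], entry["url"] = cve, NVD_URL.format(cve)
    return dict(report)


if __name__ == "__main__":
    for sig, e in summarize(SAMPLE_LOG).items():
        print(f"{sig}: {e['hits']} hit(s), {len(e['files'])} file(s) -> {e['url'] or 'no CVE in name'}")
```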
All Replies
Re: PDF Exploit
Thank you. I was making my search too concise so hadn't found it. Looks like it is client based, so I need to find out which of my colleagues is using an older version of Acrobat, as it seems to not pop up with the error in journalctl when I access the same files.
Re: PDF Exploit
My client too is getting hundreds of these alerts and I was investigating. Thanks for the post.
Antivirus scanner found a threat (Pdf.Exploit.CVE_2018_12798-66
Re: PDF Exploit
Hi!
You may want to visit https://www.netgear.com/about/security/default.aspx and report vulnerabilities.
Thanks for correcting me @StephenB. In this case the solution should be provided by the party involved. The link I presented is for any NETGEAR involved vulnerability.
The vulnerability is still undergoing analysis though, I'm sure there will be a resolution for this once done.
Regards
Re: PDF Exploit
@Marc_V wrote:
You may want to visit https://www.netgear.com/about/security/default.aspx and report vulnerabilities 🙂
It's not a Netgear vulnerability though, it's a vulnerability in some Adobe PDF software. It's fairly new (published about a month ago), and all that's happened here is that ClamAV updated their antivirus definitions to detect it. I am a bit confused on what they are detecting though, since as far as I can tell from the published CVE, the vulnerability doesn't affect the on-disk format of the PDF.