""ET INFO PDF Containing Subform with JavaScript""

SID: 2014154

Revision: 4

Class Type: attempted-user

Metadata: affected_product Any, attack_target Client_Endpoint, created_at 2012_01_28, cve CVE_2017_2962, deployment Perimeter, signature_severity Major, tag DriveBy, updated_at 2017_01_06

Reference:

• cve

• 2017-2962

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

• Value: "%PDF"

• Value: "subform"

• Value: "script"

Within: 4

PCRE:

Special Options:

• file_data

• nocase

• fast_pattern

• nocase

source