It's a vulnerability that impacts Adobe Acrobat and Reader for Windows and Macintosh, specifically a Critical Buffer Access with Incorrect Length Value that can result in Remote Code Execution. <https://helpx.adobe.com/security/products/acrobat/apsb17-36.html>
It was added to the ClamAV signature database on Friday and the signature looks
for:
VIRUS NAME: Emf.Exploit.CVE_2017_16395-6376329-0
TDB: Target:0
LOGICAL EXPRESSION: (0&1)
* SUBSIG ID 0
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
{WILDCARD_ANY_STRING(LENGTH==36)} EMF
* SUBSIG ID 1
+-> OFFSET: ANY
+-> SIGMOD: NONE
+-> DECODED SUBSIGNATURE:
<Hex string removed so that this message is not detected as infected>
-Al-
On Sun, Nov 19, 2017 at 09:12 AM, Mark Foley wrote:
> For the past couple of days I've been getting notices from clamscan for
> Emf.Exploit.CVE_2017_16395-6376329-0. clamscan is running on the IMAP Maildir
> directories and is finding this exploit on emails as old as 2010.
>
> I can find nothing on this exploit searching on the web other than it exists.
> No description, etc. Can anyone tell me anything about this? What systems does it
> affect (Windows only?) What does it do? Etc. I'll have to decide whether to
> remove these old emails or stick this signature into my .ign2 file.
>
> btw - is there some good website that describes ALL current exploits?
> cve.mitre.org <http://cve.mitre.org/> has a supposed complete list but for
> CVE-2017-16395 all it says is:
>
> ** RESERVED **
> This candidate has been reserved by an organization or individual that
> will use it when announcing a new security problem. When the
> candidate has been publicized, the details for this candidate will be
> provided.
>
> THX --Mark
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
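Added example (not part of the original message, and not ClamAV's own code): a simplified Python model of how the logical expression (0&1) combines the two subsignatures listed in the decoded signature, with & and | evaluated left to right. Subsig 1's hex string was removed from the post, so PLACEHOLDER_SUBSIG1 and the sample byte strings are constructed stand-ins.

```python
import re

# Subsig 0 as decoded in the post: 36 arbitrary bytes followed by " EMF".
SUBSIG0 = re.compile(rb"(?s).{36} EMF")
# Hypothetical marker; the real subsig 1 pattern is not shown in the post.
PLACEHOLDER_SUBSIG1 = b"<SUBSIG-1-PLACEHOLDER>"

def subsig_hits(data):
    """OFFSET: ANY, so each subsignature may match anywhere in the data."""
    return {0: bool(SUBSIG0.search(data)), 1: PLACEHOLDER_SUBSIG1 in data}

def evaluate(expr, hits):
    """Evaluate an expression built from subsig ids, '&', '|' and parentheses."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError("unsupported token in expression")
    pos = 0

    def term():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = chain()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return value
        if tok.isdigit():
            return hits[int(tok)]
        raise ValueError(f"unexpected token {tok!r}")

    def chain():
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] in "&|":
            op, pos = tokens[pos], pos + 1
            rhs = term()
            value = (value and rhs) if op == "&" else (value or rhs)
        return value

    result = chain()
    if pos != len(tokens):
        raise ValueError("trailing tokens in expression")
    return result

def signature_matches(data, expr="(0&1)"):
    return evaluate(expr, subsig_hits(data))

# Constructed samples: an EMF-like header (" EMF" at byte offset 40) and plain text.
PLAIN_EMF = b"\x01\x00\x00\x00" + b"\x00" * 36 + b" EMF" + b"\x00" * 44
TEXT_ONLY = b"mail about EMF files " + PLACEHOLDER_SUBSIG1
```

Under this model, subsig 0 on its own matches any data that has " EMF" preceded by at least 36 bytes; the signature is reported only when subsig 1 is present as well.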
