Permalink
Browse files

added printSeps detection

  • Loading branch information...
urule99
urule99 committed Nov 10, 2010
1 parent 9510142 commit 470e74f1ad74670462decf465365520465b0c4de
Showing with 17 additions and 0 deletions.
  1. +6 −0 pre.js
  2. +11 −0 rules
View
6 pre.js
@@ -51,6 +51,7 @@ var app = {
setTimeOut:function(txt,wait){ eval(txt); print ("; //jsunpack.called setTimeOut with "+txt + ', ' + wait);},
clearTimeOut:function(a){},
eval:function(a){eval(a);},
alert:function(a){ print ("/*** app.alert " + a + "*/"); },
};
function my_activex(){
@@ -306,6 +307,9 @@ app.doc = {
Function : function(thefunc){
print (thefunc);
},
printSeps : function(){
print ("//alert CVE-2010-4091 doc.printSeps access");
},
};
function my_collab(){
@@ -319,6 +323,8 @@ var syncAnnotScan = app.doc.syncAnnotScan;
app.doc.Collab = Collab;
app.doc.media = this.media;
app.media = this.media;
var doc = app.doc;
var printSeps = app.doc.printSeps;
this.exportDataObject = function(){
print ("//warning CVE-NO-MATCH call to exportDataObject, possible social engineering");
};
View
11 rules
@@ -42,6 +42,17 @@ rule SpellcustomDictionaryOpen: decodedPDF
condition:
1 of them
}
rule printSeps: decodedPDF
{
meta:
ref = "CVE-2010-4091"
hide = true
strings:
$cve20104091_1 = "doc.printSeps"
$cve20104091_2 = "this.printSeps"
condition:
1 of them
}
/*
//This rule is not strong enough, handled by detecting createElement x 100 in pre.js now

0 comments on commit 470e74f

Please sign in to comment.