Sid 1-47163


FILE-PDF Adobe Reader XFA nested subforms out-of-bounds read attempt


This event is generated when a crafted PDF file containing JavaScript that manipulates XFA subforms traverses the network.


Attempted User Privilege Gain

Detailed information

This vulnerability is an out-of-bounds read: a computation in the XML Forms Architecture (XFA) engine, reachable through the JavaScript API, reads data past the end of the target buffer. Malformed input drives pointer offset arithmetic that does not adequately account for the buffer boundaries, and the resulting invalid (out-of-range) pointer offset is used when accessing internal data structure fields. A successful attack can lead to sensitive data exposure.
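For triaging a PDF that triggered this rule, the following added example (not the rule's detection logic and not Talos code) inflates FlateDecode streams and reports whether the file carries XFA, JavaScript, and how deeply its subforms nest. The function names, marker patterns and the sample document are assumptions constructed for illustration.

```python
import re
import zlib

# Heuristic markers (assumptions, not the rule's content). Hex-escaped PDF
# names (#xx) and filters other than FlateDecode are not normalised here.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
JS_RE = re.compile(rb"/JavaScript\b|/JS\b|<script\b")
TAG_RE = re.compile(rb"<(/?)subform\b[^>]*?(/?)>")


def decoded_parts(pdf):
    """Yield the raw bytes plus every stream body that inflates as zlib."""
    yield pdf
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data, or another filter is applied first


def max_subform_depth(xml):
    """Deepest nesting of <subform> elements; self-closing tags add no level."""
    depth = deepest = 0
    for closing, self_closing in TAG_RE.findall(xml):
        if closing:
            depth = max(depth - 1, 0)
        elif not self_closing:
            depth += 1
            deepest = max(deepest, depth)
    return deepest


def triage(pdf):
    parts = list(decoded_parts(pdf))
    return {
        "has_xfa": any(b"/XFA" in p for p in parts),
        "has_javascript": any(JS_RE.search(p) is not None for p in parts),
        "max_subform_depth": max(max_subform_depth(p) for p in parts),
    }


def build_sample():
    """Constructed, benign PDF-like bytes with the XFA template in a Flate stream."""
    xfa = (b'<template><subform name="a"><subform name="b"><subform name="c"/>'
           b'<subform name="d"><field/></subform></subform></subform></template>')
    return (b"%PDF-1.7\n1 0 obj\n<< /AcroForm << /XFA 2 0 R >> /OpenAction "
            b"<< /S /JavaScript /JS (var n = 1;) >> >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(xfa) + b"\nendstream\nendobj\n%%EOF\n")
```

A file that reports XFA together with JavaScript is a candidate for closer analysis; the nesting depth is context for the analyst, not a verdict.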

Affected systems

  • Acrobat Reader (v. 2018.011.20040) on Windows 7 (x86)

Ease of attack

False positives

None known.

False negatives

None known.

Corrective action


  • Cisco's Talos Intelligence Group

Additional References