CVE-2010-2883 and Forefront TMG 2010’s Malware Inspection

In case you missed it, MS pushed an antivirus signature on 08.10.2010 to detect malicious PDFs attempting to exploit CVE-2010-2883 (a 0-day in Adobe PDF Reader/Acrobat), so you can attempt to block such potentially malicious files at the gateway level with TMG.
The signature is detailed on the MPC Encyclopedia.

Additionally, you can have TMG block HTTP responses containing PDF files (assuming they are not zipped or similar), and you can combine this with URL filtering if you want to be able to whitelist/blacklist some destinations.
