

CSI:Internet - PDF Timebomb - crazyjimbo
http://www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html

======
datasink
Looks like a pretty well conducted spear phishing attack. If the exploit code
hadn't crashed Acrobat Reader, chances are the originating attacker would have
a nice flow of 0-day exploits from this security researcher.

------
dctoedt
Interesting article; I wonder if it's been hacked itself? The text of the
article seems to finish at page 3, even though the page-count links at the
bottom of each page show 4 pages. I clicked on the "Next" link at the bottom
of page 3, and Avast! detected a threat. I didn't keep going.

~~~
Semiapies
The fourth page is a commented listing of the exploit. Supposedly, it can
trigger some antivirus programs.

------
harshpotatoes
So why does adobe reader allow for the execution of javascript from pdf files?

~~~
datasink
[http://www.adobe.com/devnet/acrobat/pdfs/js_developer_guide....](http://www.adobe.com/devnet/acrobat/pdfs/js_developer_guide.pdf)

It looks like the major use case is adding functionality to interactive forms.
For example, you could create a PDF that allows you to submit to a SOAP
service upon clicking a submit button. You can also apparently interact with
database services using ODBC on Windows.

Why you would opt for this vs. a web form, given that both approaches would
require a coder, I really can't imagine.

~~~
harshpotatoes
Ah, I thought it might be for the forms. Still... it seems a little extreme to
have fully executable code in a file which is only being read. :sigh: if only
pdfs weren't so scary.

