Would you open a PDF if you knew the sender? What if the PDF contained a script that could execute a command when you open it?
Well security researcher Didier Stevens has found a way using pdf scripting to "escape from PDF". His research with PDF's makes me think of macro exploits in Word. You can read about Didier's research here.
Jeremy Conway, has taken this research a step further and created a proof of concept that uses one PDF to infect another existing PDF. You can read about Jeremy's research here
All of this research was passed on to Adobe for analysis.
Mike found an article on the ZDNet Blog with the Adobe suggested work around to mitigate a pontential attack of this nature.
Posted by
Jason
