27C3: danger lurks in PDF documents - Update
At the 27th Chaos Communication Congress (27C3) in Berlin, security researcher Julia Wolf of US company FireEye pointed out numerous, previously hardly known, security problems in connection with Adobe's PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers – or even depending on a computer's language settings.
Update: Adobe see the sandbox introduced with Reader X (Reader version 10.0) as the remedy for these problems, which allows code to be executed separately in 'protected mode'.
Other security experts recommend using special tools to remove meta data from PDFs or check the file syntax for conformity issues beforehand.
(Stefan Krempl / djwm)