PDF documents as possible attack vectors
Kierznowski describes three ways of carrying out indirect attacks on users using prepared PDF files. He illustrates the point by providing two downloadable demo files. The first, on loading, opens, without the assistance of the user, a window in the preferred browser. Under certain circumstances, this may take a user to websites which exploit vulnerabilities in their browser to infiltrate malware onto their system or install trojans.
- Backdooring PDF Files, blog entry by David Kierznowski