3月底最新PDF0day

There's a function within PDF specs to launch executables. or to run JavaScript. Why do we need these things?

With specs like these, it's no wonder it takes ages for Adobe Reader to boot up and load all the plugins.

It's no wonder there are regular security problems with PDF readers in general.

The perfect example is the "Escape from PDF" demo from Didier Stevens' blog.

Users of Foxit Reader: try opening Didier's demo PDF file. After opening, it will run CMD.EXE on your system;

no questions asked. And this is a legitimate PDF file which uses no exploits.

One way to reduce your risk is not to download PDF files from the web to your machine at

all. Instead of opening the files on your local machine, you can open them remotely in

viewers like Google Docs. This process can be made completely automatic with plugins

like PDF(for Chrome/Opera/Firefox/Iron). Do note that it will only work with PDF files you

access in the public web.

Otherwise, our guidance would be to use a PDF reader that's as unpopular as possible. The less users a product has, the less attacks it will attract.

下载demo PDF file运行后会弹出CMD.exe