Booby-trapping PDF files: A new how-to.
A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities.
Didier Stevens' proof of concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable.
In the case of Adobe Reader, such attempted launches generate a pop-up dialog box asking users if they want to proceed. However, this is not necessarily a major hurdle because Stevens was also able to manipulate the text displayed by the pop-up in a way that might easily fool most users.
Booby-trapping PDF files: A new how-to ? The Register