PDF to execute an embedded executable without exploitin

[jav]

This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!

I use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction.

Escape From PDF Didier Stevens

 

[jav]

Hacker finds a way to exploit PDF files, without a vulnerability | Zero Day | ZDNet.com

Credits for finding links and more discussion on this: PDF hack executes an embedded executable - Wilders Security Forums