I had wondered about attack vectors using the self-editing and action chain features in #PDFs, and i am more than thrilled to see infosec ppl demonstrating them formally
one thing i have played with is PDFs being able to expose intra-document references, and reference external files in the local filesystem - this is how tools for links between PDF documents work that you can access from some LaTeX plugins. I have wondered how that would allow for probing local filesystems in combination with the form submission and email sending features in PDF that are sometimes enabled in readers, and i guess now i know.
they also don't seem to be considering the obfuscation techniques that are also widespread in PDFs, the way that streams can be executed to yield javascript without needing to look like js to the usual PDF introspection libraries. at least so far, i'm not to the end yet
Add comment