Interesting article; I wonder if it's been hacked itself? The text of the article seems to finish at page 3, even though the page-count links at the bottom of each page show 4 pages. I clicked on the "Next" link at the bottom of page 3, and Avast! detected a threat. I didn't keep going.
It looks like the major use case is adding functionality to interactive forms. For example, you could create a PDF that allows you to submit to a SOAP service upon clicking a submit button. You can also apparently interact with database services using ODBC on Windows.
Why you would opt for this vs. a web form, given that both approaches would require a coder, I really can't imagine.
Ah, I thought it might be for the forms. Still... it seems a little extreme to have fully executable code in a file which is only being read. :sigh: if only pdfs weren't so scary.
Looks like a pretty well conducted spear phishing attack. If the exploit code hadn't crashed Acrobat Reader, chances are the originating attacker would have a nice flow of 0-day exploits from this security researcher.
7 comments
[ 3.4 ms ] story [ 31.4 ms ] threadIt looks like the major use case is adding functionality to interactive forms. For example, you could create a PDF that allows you to submit to a SOAP service upon clicking a submit button. You can also apparently interact with database services using ODBC on Windows.
Why you would opt for this vs. a web form, given that both approaches would require a coder, I really can't imagine.