LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Unexpected features in Acrobat 7

Unexpected features in Acrobat 7

Posted May 8, 2008 2:49 UTC (Thu) by Blazer (guest, #51948)
Parent article: Unexpected features in Acrobat 7 

"Ok, how is this different in principle from, say, web server logs?"

Consider if you put a resume online in PDF format that contained code to phone home to
you...now your malicious javascript is potentially executing on the machines of people who
view your resume.

Consider some javascript code that reads or creates files on your hard drive, and optionally
sends results to some other server. Without any notice to the user.

I think its obvious that it has the potential to be a lot more invasive than a web server
logging a hit that you specifically requested. I don't care if google logs that I went to a
gmail URL. I do care however, if I open a document and it runs unknown code and sends
information to a third party without permission or notice.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds