PDF viewers like Adobe Reader and Foxit Reader don’t allow embedded executables (like binaries and scripts) to be extracted and executed:īut I found another way to launch a command (/Launch /Action), and ultimately run an executable I embedded using a special technique. Foxit Reader displays no warning at all, the action gets executed without user interaction. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. I use a launch action triggered by the opening of my PoC PDF. This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!
