1
Would it make a difference we if use a product such as SumatraPDF or FoxIt?
PeanutsMonkey
Posted 2011-11-15T21:38:11.683
Reputation: 7 780
Are malicious PDF documents limited to Adobe Reader?
Answers
2
It depends entirely on the reader's implementation and the nature of the bug. Like @Luke says above, some bugs are in the underlying OS or other libraries. In those cases, there's a fair chance that other readers will be affected (but no guarantee, they may use a different library call, have their own implementation, sanitize the input better, etc.). Other exploits like buffer overflows are more specific to the program and are much less likely to impact other readers.
Kevin
Posted 2011-11-15T21:38:11.683
Reputation: 1 019
1How am I able to tell what underlying OS libraries or other libraries the reader is using? – PeanutsMonkey – 2011-11-15T22:03:15.190
1@PeanutsMonkey you can't - unless the program's credits/about screen mentions them. – Sathyajith Bhat – 2011-11-16T07:54:51.997
2Although unconfirmed (so I'm not making it an answer) it is down to the Operating System for certain parts, and down to the program for certain other ones. Adobe does a good job of patching bugs that are reported, but if you look at the Mac OS, they still have a PDF bug that affects Preview, Adobe Acrobat and Adobe Reader – Canadian Luke – 2011-11-15T21:41:03.443
1To expand a little on this topic without adding an answer: arbitrary executable files are specified and allowed in the PDF spec. Certainly most readers at this point operate on low trust of such features, but it is/may be possible to enable such functionality if desired. – horatio – 2011-11-15T22:02:35.583
@horatio - How would I know what executable files are allowed to be run when viewing a PDF? Is there a way to determine what executable files are included in the PDF before opening it? – PeanutsMonkey – 2011-11-15T22:05:50.740
1
I don't know. Perhaps something like ( http://www.cheapimpostor.com/PDFInspector/ ) which I have never used and make no claims of safety about.
– horatio – 2011-11-15T22:21:33.8601@Linker3000/Tom Wijsman/studiohack - I would appreciate if you could let me know what would have made the question constructive? – PeanutsMonkey – 2011-11-17T18:46:45.540