Skip to main content


I just came across the slides for a presentation given by Julia Wolf, a senior researcher with FireEye. I only have the slides, unfortunately, but they are a fairly good technical summary of the basic details of PDF format and how it can be hacked.

From the summary:

PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. The PDF format itself is so diverse and vague, that an A/V would need to be 100% bug-compatible with the parser in the vulnerable PDF reader.

You can also do cool tricks like make a single PDF file that displays completely differently in several different readers.

If this presentation doesn’t scare you then trust me, it should.

slides (PDF)

27C3 Update: The video of the presentation has been uploaded to Youtube.

P.S. Note that the slides are a PDF and the presentation is on PDF hacking. I find that amusing, don’t you?

Similar Articles


fjtorres January 2, 2011 um 3:59 pm

Essentially it means that not only are PDFs not really ebooks, they have long since stopped being documents and are properly seen as self-executing software targetting the Acrobat runtime environment. (Or equivalents.)
And people routinely execute these things on their computers and printers with nary a though of where they come and what’s in them.
Maybe *that* is where Skynet comes from.
We really *are* all doomed. 🙂

Zigwalski January 2, 2011 um 11:08 pm

I am building my firewall as we speak….that is right, a Wall of Fire to protect me from the machines!

Neeraj Rawat January 3, 2011 um 5:25 am

great information even the google hack in china was done using a pdf vulnerability

Jakob January 3, 2011 um 5:32 pm

The video recording is now available and you can also view it at YouTube:

Nate the great January 3, 2011 um 5:37 pm


Write a Comment