A Survey: Vulnerabilities Present in PDF Files

A Survey: Vulnerabilities Present in PDF Files

Sakshi Gupta (The Northcap University, India) and Yogita Gigras (The Northcap University, India)
Copyright: © 2017 |Pages: 11
DOI: 10.4018/978-1-5225-2154-9.ch001
OnDemand PDF Download:
No Current Special Offers


This chapter presents a compiled analysis of the Characteristics and various vulnerabilities that are present till date of PDF files. Samples of maliciousness can include some zero days and files used on wild for some specific attacks. The PDF format is showed very quickly only to help understand the attack vectors. The PDF files that are malicious attacks are one of the wildest for almost a decade, and recently these types of attacks are increasing, and the various techniques are used to isolate from the anti-virus and other anti-malware software is growing very complex; hence, this is an important reason to work on understanding the protection point.
Chapter Preview


Portable Document Format can be abbreviated as PDF and have about two decades of existence, each version of which offers extra features, extensions that may support JavaScript, embedded files and offering huge amount of advantages. In 2008, PDF documents have become a standard in providing the platform independency, security and portability over the other documents formats like wordpad etc. There exist many applications who can not view these files. With these kind of features were consider PDF files as most safe, as they are not executed. In the previous decade too PDF succeeded to maintain a privileged position over the document formats. Until joined the list of non - executable files that they have served as a vehicle for new attacks, such as files text documents, spreadsheets, presentations, video or audio files, allowing Attackers seize computers with the simple fact that a user open a PDF document in your computer.

Recently many news have been aired related to new types of exploitation and abuses that can be done using the PDF files, and certain measures to eliminate these using various types of anti-virus and anti-malware software. These files have also become a complex task in analyzing the signature used on regular basis. For example in is demonstrated as using an encoder little used to use a known vulnerability in the handling of TIFF files (CVE-2010-0188). In described another attack where exploits an old vulnerability (CVE-2010-0188) where XML is hidden in a TIFF, but this time using a bit encoding used to generate the XML, so They are avoiding detection by antivirus.

Figure 1.

PDF file format

Table 1.
Abuses in PDF files
CVE IDDescriptionExploitability
CVE-2014-0546Allow the bypassing of the sandboxLow targeted attacks
CVE-2014-0496Adobe Acrobat exploitLow
CVE-2013-3346Adobe Acrobat ToolButtonLow
CVE-2013-2729PDF File Heap & Integer OverflowLow targeted attacks
CVE-2013-0641PDF File exploit & Bypassing SandboxLow
CVE-2012-0754PDF files Flash Contains Corrupted videosMedium
CVE-2011-4369PDF file vulnerability in corrupted memoryMedium
CVE-2011-2462PDF file vulnerability in corrupted memory U3D. Discovered by Lockheed MartinHigh
CVE-2011-2100Inclusion exploit in DLL (Require File and a malicious DLL in same directory). Discovered by Mila ParkourLow
CVE-2011-0611Flash Files are embedded in the Ms-office or the pdf filesHigh
CVE-2011-0609Flash File Vulnerability; detected in Adobe and Adobe AcrobatHigh
CVE-2010-4091Report PDF Doc.printSeps corrupted memory errorLow
CVE-2010-3654Flash file Authorization play ExploitHigh
CVE-2010-2883Stack Type Buffer Overflow in CoolType.dllHigh
CVE-2010-2884Not specified vulnerabilityMedium
CVE-2010-2862Integer Overflow in CoolType.dllLow
CVE-2010-1240Embedded exe is opened using in built functionalityLow
CVE-2010-1297Handling of DoABC FlashMedium
CVE-2010-0188Integer OverflowHigh
CVE-2009-3957Dereference of NULL pointerLow
CVE-2009-3954Vulnerability in 3D loadingLow
CVE-2009-3953Out of bound issue in U3DLow
CVE-2009-4324Use-after-free vulnerability in media playerHigh
CVE-2009-3459Heap buffer overflowMedium
CVE-2009-1862Not specified exploit in flash filesLow
CVE-2009-1493Dictionary Open type Buffer OverflowLow
CVE-2009-1492Exploitation with the help of open action using javascript code Low
CVE-2009-0927Crafted Argument Used in Stack Buffer overflowHigh
CVE-2007-0836Bypassing authorization and overflow of stackLow
CVE-2009-0658Overflow of Buffer in ImageLow
CVE-2008-2992Util.printf in stack buffer overflowHigh
CVE-2008-0655Crafted arguments buffer overflowHigh

Complete Chapter List

Search this Book: