Questions tagged [pdf]
Portable Document Format (PDF) is an open standard for electronic document exchange maintained by the International Organization for Standardization (ISO). Questions can be about PDF-specific malware or protections.
184 questions
13 votes
2 answers
9k views
Why are PDF passwords so easy to break?
I thought that if a PDF is password encrypted, it at least provides some kind of safety. However I received today an encrypted PDF, and was told the password. When I opened the document with my ...
2 votes
1 answer
424 views
How to create a PDF payload?
Several questions here "hint" at PDF capabilities (executing JS code, exfiltrating/probing network, etc.). But if I want to create one PDF that will trigger my internal phishing test URL, how ...
2 votes
2 answers
982 views
If I try to open a PDF that is password protected inside an email, can I harm my PC [closed]
I have my own Office 365 tenant, and yesterday I got an email from the IT manager of an eligible chemical company in India, where the email contains a password-protected PDF. The email did not go to ...
0 votes
0 answers
87 views
Is it really a good idea to check downloaded PDFs on VirusTotal? [duplicate]
I often download PDF and DjVu files from shady websites. Is it a good idea to upload them on VirusTotal first or is this not really practically necessary? I often download 5 different versions of the ...
4 votes
1 answer
2k views
Do I need to worry about infection from a .PDF from an untrusted sender previewed within GMail?
Context: I received an email claiming an order has been shipped for a service that I am subscribed to but did not believe was due for renewal. I panicked and clicked to preview the attached invoice ...
11 votes
2 answers
5k views
A web site allows upload of pdf/svg files, can we say it is vulnerable to Stored XSS?
It is possible to have JavaScript code in pdf or svg files. I think JavaScript inside svg runs in almost all browsers and I think JavaScript inside pdf generally always runs in chrome. So during a ...
0 votes
1 answer
88 views
Practical advice on completing PCI DSS SAQ [closed]
I have established that my business needs to complete a PCI DSS SAQ-D form for attesting PCI compliance... twice - once as a merchant and once as a service provider! Even completing it once is a ...
1 vote
1 answer
73 views
PCI Compliance for Contract Management Software with User-Entered Card Data
I'm evaluating a contract management software that claims PCI compliance for my CC data. However, I am going to use the software to issue contracts to my customers where they directly enter credit ...
0 votes
0 answers
68 views
Do MS Word and Adobe Elf/Acrobat block javascripts from running?
I opened a PDF yesterday and found out it contained javascripts (that could possibly be malicious). I wanted to know if the javascripts would trigger if I opened it in Word "protected view" ...
1 vote
0 answers
312 views
Malware in a PDF
I opened a PDF yesterday. How large would a PDF be that has malware? The one I downloaded was approximately 5 MB. If I opened the PDF on a browser, would the browser be infected? For some context: I ...
1 vote
1 answer
214 views
Does PDF level compression implicitly clean the file of malware?
Recently I've been looking into PDF file security, specifically about malware exploiting vulnerabilities in PDF readers. I thought about one thing - does compressing a PDF file (for example, by using ...
1 vote
1 answer
834 views
How safe is it to view a PDF file in the browser without downloading the file onto the PC?
When I view the PDF file in a browser such as Firefox without downloading the file onto my PC, does Firefox temporarily store the PDF file on my PC? I heard that Firefox has been sandboxed heavily and ...
0 votes
0 answers
204 views
I am trying to identify suspicious content within a PDF file
I have a PDF file that has been sent to me as part of a suspicious email. I viewed the email as message source from within Outlook. This gave me all raw text within the email. I copied this to ...
1 vote
1 answer
146 views
Do frequently crashing programs pose a bigger security threat than stable programs?
If I have an app that's frequently and randomly crashing, will it impose a bigger security threat (e.g., possible attack vector) than apps that are stable? Or are both apps equally protected from such ...
1 vote
1 answer
516 views
Is there a safe alternative to PDF?
As PDF may contain malicious code, is there any easy-to-use file format providing the same features? If not, could you share recommendations to limit the attack surface for average users? (exclude ...