An independent security researcher and penetration tester at SecRecon published a tool (the PDF Exploit Generator) specifically designed to bring various exploits that can be used in PDF files.
The utility it's useful for auditing activities, but it could also cause a lot of damage to users working with unpatched versions of Adobe Reader and Acrobat if it falls into the wrong hands.
According to Darren Pauli from The Register, the tool is fully operational "in versions of Adobe Reader and Acrobat 8.x before 8.2.1 and 9.3.1 9.x."
Although it can only be used with old exploits for vulnerabilities that have been reported in the latest updates of the two products, there may still be many who have not upgraded their programs. Of course, it is superfluous to mention that they are in danger.
The tool has been dubbed (as we said above) in PDF Exploit Generator and supports the introduction of URLs to provide exploited PDFs.
Ο developer του project είναι ο Claes Spett, ερευνητής ασφαλείας στο SecRecon. Διαθέτει το λογισμικό μέσω του Google Drive και συμβουλεύει όλους όσους το κατεβάσουν για την υπεύθυνη χρήση του. Αυτό βέβαια δεν θα εμποδίζει την κακόβουλη χρήση του software.
Another use of the utility could be to research the awareness and training of staff on safety issues in a company. Δεδομένου ότι εκμεταλλεύεται αρχεία PDF, είναι κατάλληλο για phishing attacks and social engineering tests, for staff training. The PDF Exploit Generator can become a good training tool but also very destructive to the wrong hands.
