PDF Exploit Generator available for responsible use

An independent researcher and penetration tester at SecRecon has published a tool, the PDF Exploit Generator, specifically designed to package various exploits that can be used in PDF files.

The tool is useful for auditing activities, but it could also cause a lot of damage to users working with unpatched versions of Adobe Reader and Acrobat if it falls into the wrong hands.

According to Darren Pauli from The Register, the tool is fully operational "in versions of Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1."

Although it can only be used with old exploits for vulnerabilities that have been addressed in the latest updates of the two programs, there may still be many users who have not upgraded. Needless to say, they are in danger.

The tool has been dubbed (as we said above) PDF Exploit Generator, and it supports entering URLs to deliver the exploited PDFs.

The project developer is Claes Spett, a security researcher at SecRecon. He has made it available and advises everyone who downloads it to use it responsibly. Of course, this will not prevent malicious use of the software.

Another use of the utility could be research and raising security awareness among a company's staff. Since it exploits PDFs, it is suitable for phishing and social engineering trials run as staff training. The PDF Exploit Generator can become a good training tool, but it can also be very destructive in the wrong hands.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
