Definitions
  • PDF

Definitions

  • PDF

Definitions

Acroforms

An 'Acrobat Form' in addition to looking like a form, may also contain active code (e.g., JavaScript) which could be malicious. They can also be used to hide objects inside other objects.

Active Content Types & Macros & Javascript

Macros & JavaScript are forms of active code, which may be benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system when expressed in a business document.

All Actions

An action within a PDF may be benign, but it’s designed to make the document dynamic. An attacker may use the action to trigger active code (e.g., JavaScript) or send data to a URL. The functionality can be misused to cause harm to the recipient.

Digital Signatures

The source document may have been signed with a digital signature. Whilst the signing may not represent a threat, if the ownership and trust of the certificate chain has been compromised, this could trick a user into viewing a document that could contain something malicious. The sanitise setting is a good option to select if there is any doubt about the provenance of the document.

Dynamic Data Exchange (DDE)

Dynamic Data Exchange (DDE) within Microsoft documents is known to present risk as the protocol may be used to execute malicious code on the recipient's computer.

Embedded Files

Embedded objects within files may present risk if they provide a way for active code to be triggered, or to hide data within a document. 

Embedded Images

Embedded images within files may present risk if they provide a way for malicious content to be hidden inside the image.

External Hyperlinks & Internal Hyperlinks

External and internal hyperlinks may appear innocent. However, a link in a document may appear to have a different destination than the real link. Caution is advised when clicking on links in documents. 

Review Comments & Metadata

Metadata can reveal information which the owner may not intend to disclose to the recipient, such as review comments, tracked changes, or the original author's name.


Was this article helpful?