Is it possible to bine exe with PDF, so that on opening that PDF, exe runs and gives a message Hello World ! Can i edit PDF structure, and bine my exe or my code in the object part of the PDF structure ?
Here is the image of the PDF document structure
Is it possible to bine exe with PDF, so that on opening that PDF, exe runs and gives a message Hello World ! Can i edit PDF structure, and bine my exe or my code in the object part of the PDF structure ?
Here is the image of the PDF document structure
Share Improve this question asked Apr 21, 2017 at 7:28 SaadSaad 9641 gold badge16 silver badges29 bronze badges 1- 1 This cannot be done, think of the massive security implications of this! No one would ever open another PDF in their lives – George Commented Apr 21, 2017 at 7:31
2 Answers
Reset to default 2If that were possible, it would be a serious security hole; as a user, you would risk infecting your puter with malware every time you view a PDF!
You can use /Type /EmbeddedFile to attach a file into a PDF file; see §7.11.4 of the PDF specification. However, this file will only be executed if the user extracts it and runs it.
You can also add JavaScript code to your document; see §12.6.4.16. However, this code runs in a sandbox.
Well, what George said is not exactly true, it's just not possible in a legitimate use of the standard and the software, from a hacky point of view, running code from a file is actually possible since PDF is a format created by men and so are the readers, so, it is vulnerable (invulnerable software doesn't exist).
In this case, you would have to find a vulnerability, either in the format itself (stepping out of the sandbox) or in the tools it needs to be displayed (Adobe reader, Google Chrome PDF Viewer, etc) so you can execute arbitrary code on the machine once the file is opened. This gives you dozens of libraries, code pieces, software and standards involved and to work with, and believe me, there's a hole somewhere.
Today, there's no such vulnerabilty (we dont know about it), but it doesn't mean it doesn't exists, it's just not discovered/reported yet.
As temporary solution, and knowing that this kind of things are illegal if you pretend to use them to distribute malware, you could camuflate your binary with a PDF icon and play with the extension so you can do it undetectable to non-tech windows users.