The Portable Document Format (PDF) standard has been able to provide many benefits that unify communications across many different software and hardware platforms. One of those elements is the encryption schemes that allow users to password protect their documents from view, edit, or saving permissions without the required password. Another encryption feature included with the PDF standard is the ability to sign documents with an electronic signature with the same legal standing as a handwritten signature, this may include digital signing which uses cryptographic measures to assure authenticity.
The other prong of this attack uses CBC malleability gadgets, tools that are able to edit cipher texts encrypted with the cipher block chaining (CBC) encryption mode without integrity checks. It just so happens that the PDF standard does exactly that. This method can modify plain text as well as add in new encrypted content to the file. This technique can enact the PDF forms and hyperlink techniques as listed in the Direct Exfiltration method. The CBC Gadgets method can also edit PDF object streams such that they submit themselves to an attacker controlled server. Both attacks require the victim to open the tainted document so that the traps can deliver the finally decrypted information to the attacker. The researchers have tested their techniques on 27 PDF viewers and all were susceptible to at least one method of the PDFex attack.