Legend:
Application | Version | Direct Exfiltration | CBC Gadgets |
---|---|---|---|
Adobe Acrobat DC | 2019.008.20081 | ![]() ![]() |
![]() |
Foxit Reader | 9.2.0.9297 | ![]() |
![]() |
PDF-XChange Viewer | 2.5.322.9 | ![]() ![]() |
![]() |
Perfect PDF Reader | 8.0.3.5 | ![]() ![]() |
![]() ![]() |
PDF Studio Viewer | 2018.1.0 | ![]() ![]() |
![]() ![]() |
Nitro Reader | 5.5.9.2 | ![]() |
![]() ![]() |
Acrobat Pro DC | 2017.011.30127 | ![]() ![]() |
![]() |
Foxit PhantomPDF | 9.5.0.20723 | ![]() |
![]() |
PDF-XChange Editor | 7.0.326.1 | ![]() ![]() |
![]() |
Perfect PDF Premium | 10.0.0.1 | ![]() ![]() |
![]() ![]() |
PDF Studio Pro | 12.0.7 | ![]() ![]() |
![]() ![]() |
Nitro Pro | 12.2.0.228 | ![]() ![]() |
![]() ![]() |
Nuance Power PDF | 3.0.0.17 | ![]() ![]() |
![]() |
iSkysoft PDF Editor | 6.4.2.3521 | ![]() |
![]() |
Master PDF Editor | 5.1.36 | ![]() ![]() |
![]() ![]() |
Soda PDF Desktop | 11.0.16.2797) | ![]() |
![]() |
PDF Architect | 7.0.23.3193 | ![]() |
![]() |
PDFelement | 6.8.0.3523 | ![]() |
![]() |
Application | Version | Direct Exfiltration | CBC Gadgets |
---|---|---|---|
Preview | 3.32.0 | ![]() |
![]() |
Skim | 1.4.37 | ![]() |
![]() |
Application | Version | Direct Exfiltration | CBC Gadgets |
---|---|---|---|
Evince | 10.0.944.4 | ![]() |
![]() |
Okular | 1.7.3 | ![]() |
![]() |
MuPDF | 1.14.0 | ![]() |
![]() |
Application | Version | Direct Exfiltration | CBC Gadgets |
---|---|---|---|
Chrome | 70.0.3538.67 | ![]() ![]() |
![]() ![]() |
Firefox | 66.0.2 | ![]() |
![]() |
Safari | 11.0.3 | ![]() |
![]() |
Opera | 57.0.3098.106 | ![]() ![]() |
![]() ![]() |
You can get all Proof-of-Concept exploits in one .tgz file via the following link.
As part of our research, we started a responsible disclosure procedure.
In cooperation with the CERT-Bund, the national CERT section of BSI, we contacted all vendors, provided proof-of-concept exploits, and helped them to fix the issues.