Security researchers said Jeremy Conway has found a way to spread malicious code through the PDF documents on the victim's computer. The attack exploited a flaw in how the file format (file) PDF of work, more data "toxic" to the legitimate PDF files that can then be used to attack anyone who opened them.

Mr. Conway, a product manager of Nitro Security, has developed techniques to "inject" malicious commands into PDF files. However, his attacks only work when there are some other malicious programs on the system code added. But all changed when researchers announced Didier Stevens modifying PDF documents to run executable files (EXE) on the victim's computer.

"When I saw Didier's attack, the first time I absolutely can attack from within PDF files," Mr. Conway said. If a user were tricked and allowed to run executable files, Mr. Conway's style of attack will work as worms, malicious content copied to the other PDF files on your computer. "Malware may be the next vector for zero-day attacks," Mr. Conway said.

Users of Adobe Acrobat Reader or want to disable features that allow the attacks can click on "Edit> Preferences> Categories> Trust Manager> PDF File Attachments," and then deselect the check box titled "Allow opening of non-PDF file attachments with external applications. With Foxit Reader version 3.2.1, now, this software will show up dialog box asking the user if they really do not want to code execution. Adobe Reader does the same.