Take a look into this project https://github.com/urule99/jsunpack-n - A Generic JavaScript Unpacker
jsunpack-n emulates browser functionality when visiting a URL. It's
purpose is to detect exploits that target browser and browser plug-in
vulnerabilities. It accepts many different types of input:
( also PDFs* )
By looking into ths file https://raw.githubusercontent.com/urule99/jsunpack-n/master/pre.js it looks like it directly addresses your problem.
var util = {
375 printf : function(a,b){print ("//alert CVE-2008-2992 util.printf length ("+ a.length + "," + b.length + ")
"); },
On upload I would feed pdf into this tool and check the results.
Below some interesting resouces related to that vunelabirity which explain everything in-depth.
http://resources.infosecinstitute.com/hacking-pdf-part-1/
http://resources.infosecinstitute.com/hacking-pdf-part-2/
In part 2 of the article there is a fragment saying that you can use
Spider monkey to execute pre.js (the file I mentioned eariler ) to get info about CVE
js -f pre.js -f util_printf.pdf.out
//alert CVE-2008-2992 util.printf length (13,undefined)