Of course, this probably wouldn't stop a CIA/NSA level exploit from working, but if you're worried about that then you should probably be running in a virtual machine or usb booted OS or otherwise really know what you're doing.
In respect to obvious threats, I would say this one is low, but of course there is always some potential of a threat.
Great answer by @kjlsdklfjlksdjflk, I would only add that for people using some means to cover their real IP addresses (such as Tor or a VPN), PDF files making web requests from a PDF client that has not been configured to route traffic through their anonymizing network will give away their real identities. This is why we automatically flair PDFs as risk. Also, I don't think I need to explain on this board why a .gov address is no guarantee of anything.
view the rest of the comments →
wecanhelp ago
I've flaired this as Potential Security Risk for the PDF.
PizzaDestroyer ago
Please note that the PDF is hosted at app.oig.dc.gov - the website for the DC inspector general. Also a scan on virustotal.com passes the pdf as clean: https://www.virustotal.com/en/url/11ebce1255d3dbfe6ccc7c5ae6baa3f88d5502e923d6c387650a36bfd7fcee06/analysis/
Here is the result of scanning the actual file instead of URL: https://www.virustotal.com/en/file/f9937bdfce1c3294ace97e7f016a1cea24b97314838ff9520b96932724c434a2/analysis/
Of course, this probably wouldn't stop a CIA/NSA level exploit from working, but if you're worried about that then you should probably be running in a virtual machine or usb booted OS or otherwise really know what you're doing.
In respect to obvious threats, I would say this one is low, but of course there is always some potential of a threat.
wecanhelp ago
Great answer by @kjlsdklfjlksdjflk, I would only add that for people using some means to cover their real IP addresses (such as Tor or a VPN), PDF files making web requests from a PDF client that has not been configured to route traffic through their anonymizing network will give away their real identities. This is why we automatically flair PDFs as risk. Also, I don't think I need to explain on this board why a .gov address is no guarantee of anything.
PizzaDestroyer ago
All fair points. Thanks for the explanation.