Yes, that's the same "feature" that's been in the news in recent weeks after a security researcher found a way to execute an embedded executable without exploiting any PDF security vulnerabilities.
The attacks originate as e-mails claiming to be from Royal Mail with an attached PDF file.
This PDF uses a feature, specified in the PDF format, known as a Launch action. A Launch action is intended to be used to run an application or to open or print a document. A security researcher recently discovered that this feature can be used to run an executable embedded within the PDF file.
This PDF also contains an attachment (PDFs can have an attachment embedded within them, just like emails) named Royal_Mail_Delivery_Notice.pdf which has been compressed inside the PDF file. This attachment is actually an executable file and if run, will install the Zeus bot.
This could be somewhat confusing to users, and not really knowing what is happening, they may just click Save (it appears as if they are just saving a PDF file, after all). Users of Foxit PDF reader will get no warning, and the attachment will be saved to the user's Documents folder.
Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.
Here are the instructions for mitigating a potential attack:
- Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”.
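Alongside the preference change, a mail gateway or analyst can triage incoming PDFs for the two traits described above: a Launch action, and an embedded attachment that is really an executable despite its .pdf name. The following sketch is an added example, not code from Adobe or from the original article. The function names, the returned fields and the sample bytes are assumptions made for illustration.

```python
import re
import zlib

# PDF names may hide characters as #xx hex escapes (e.g. /L#61unch == /Launch).
_NAME = re.compile(rb"/((?:[A-Za-z0-9_.+-]|#[0-9A-Fa-f]{2})+)")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
SUSPICIOUS = {"Launch", "EmbeddedFile", "OpenAction"}


def _names(data: bytes) -> set:
    """Return every PDF name in data with #xx escapes decoded."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return {re.sub(rb"#([0-9A-Fa-f]{2})", unescape, m.group(1)).decode("latin-1")
            for m in _NAME.finditer(data)}


def scan_pdf(data: bytes) -> dict:
    """Flag Launch actions and embedded files that are really executables."""
    found = _names(data) & SUSPICIOUS
    exe_streams = 0
    for m in _STREAM.finditer(data):
        raw = m.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            body = zlib.decompressobj().decompress(raw)
        except zlib.error:
            body = raw  # not Flate-compressed; inspect the stored bytes
        found |= _names(body) & SUSPICIOUS  # names inside object streams
        if body[:2] == b"MZ":  # Windows executable header, whatever the file is called
            exe_streams += 1
    return {"names": sorted(found), "exe_streams": exe_streams,
            "flag": "Launch" in found or exe_streams > 0}


# Constructed sample: PDF-like fragments only, not a working document.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n"
          b"2 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"MZ" + bytes(64)) + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

The scan only inflates Flate-compressed streams and does not handle encrypted PDFs or other filters, so a clean result here does not clear a file.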