> Charlie Miller did an analysis once, fuzzing various engines, and Adobe's actually came out on top
The CanSecWest slides I found had him fuzzing standalone "PDF applications". This whole problem is because of handing random stuff from the internet to third party native code! Nowadays the browsers are in a class of their own wrt security.
So use the PDF readers built into browsers, Chrome has one tended to by their security ninjas and Firefox has one running in their battle-hardened Javascript sandbox.
The CanSecWest slides I found had him fuzzing standalone "PDF applications". This whole problem is because of handing random stuff from the internet to third party native code! Nowadays the browsers are in a class of their own wrt security.
So use the PDF readers built into browsers, Chrome has one tended to by their security ninjas and Firefox has one running in their battle-hardened Javascript sandbox.