Skip navigation.

PDF Exploit detection system: Joedoc

We are happy to release Joedoc a novel runtime analysis system for detecting exploits in documents like pdf and doc. In its current beta stage it detects pdf exploits in Acrobat Reader 7.0.5, 8.1.2, 9.0 and 9.2. Check out the submission instructions on to check malicious pdfs.

Doc exploit detection

Can you provide any further details about how this detection happens. I'm specifically more interested on the Office doc side. PDF is an open format. Does the tool handle the old binary versions of Office docs as well as the newer OpenXML format?

Hi Have you read:


Have you read: ? The system is independent of the application and its documents. So it should detect exploits in old office docs and new ones.


Hi, i will be really glad if


i will be really glad if you can send us some info regarding the technique you use for validating/invalidating PDF structure as well exploitation score.

Malware Researcher,
Linux Developer.

Hi, we do not parse any pdf


we do not parse any pdf structure. Joedoc compares execution traces of benign and malicious pdfs.


nice system

it's great that you released something to the public like that. don't know that behavioral cross-referencing techniques are "novel", but it's cool. nice work.