CVE-2024-4367 allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened.
This is a classic PDF-based XSS attack vector. When a PDF reader processes this file, it might execute the embedded JavaScript code, which would then reveal sensitive cookie information to an attacker. The attack attempts to extract authentication tokens or session identifiers stored in cookies, which could lead to session hijacking.
This particular technique uses the FontMatrix parameter, which is supposed to contain numbers for font transformation, but has been abused to contain executable code that doesn't belong there.
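A defensive check for the property described above, as an added example that is not part of the course material: it scans PDF bytes for `/FontMatrix` arrays and flags any that are not exactly six plain numbers. The function name, the finding format and the sample dictionaries are constructed for illustration.

```python
import re

# Matches "/FontMatrix [ ... ]" in raw PDF bytes. Assumption: the object is
# stored uncompressed; objects inside compressed streams must be inflated
# before this scan can see them.
FONT_MATRIX_RE = re.compile(rb"/FontMatrix\s*\[(.*?)\]", re.DOTALL)

# PDF numeric object: optional sign, then an integer or a real (e.g. 1, -0.5, .25, 4.)
PDF_NUMBER_RE = re.compile(rb"[+-]?(?:\d+\.?\d*|\.\d+)")


def check_font_matrices(pdf_bytes):
    """Return one finding per /FontMatrix array that is not six plain numbers."""
    findings = []
    for match in FONT_MATRIX_RE.finditer(pdf_bytes):
        tokens = match.group(1).split()
        non_numeric = [
            t.decode("latin-1") for t in tokens if not PDF_NUMBER_RE.fullmatch(t)
        ]
        if non_numeric or len(tokens) != 6:
            findings.append(
                {
                    "offset": match.start(),      # byte offset of "/FontMatrix"
                    "token_count": len(tokens),   # a valid matrix has 6 entries
                    "non_numeric": non_numeric,   # entries that are not numbers
                }
            )
    return findings


# Constructed samples: a well-formed matrix, and one with a string object
# where a number is expected (placeholder text only).
BENIGN = b"<< /Type /Font /FontMatrix [0.001 0 0 0.001 0 0] >>"
SUSPICIOUS = b"<< /Type /Font /FontMatrix [0.001 0 0 0.001 0 (CONSTRUCTED-NON-NUMERIC)] >>"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, check_font_matrices(sample))
```

A finding is a reason to quarantine the file for review, and the same six-numbers rule is what a viewer should enforce before using the matrix.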
- Verify and deploy a vulnerable application as a Docker container
- Exploit using custom payloads
- Detect threats using runtime security tools like Falco
- Enforce best practices and secure container environments against breaches
Ideal for Security Professionals, DevOps Teams, and Penetration Testers.

Here is the course outline:
- PDF.js CVE-2024-4367
- Completion

The following certificates are awarded when the course is completed:
- CPE Credit Certificate