PDF is a document format on steroids. In this talk, we will dive deep into the PDF specification and reveal its lesser-known, insecure features. We perform a systematic and in-depth analysis of the capabilities of malicious PDF documents, leading to vulnerabilities in all major PDF viewers. Our attacks are categorized into four classes: (1) Denial-of-Service attacks affecting the host on which the document is processed. (2) Information disclosure attacks, which track who opens a document or leak personal data from the victim's computer to the attacker's server, such as PDF document form data, local files, or user credentials. (3) Data manipulation attacks, which modify form values, write local files on the host system, or mask the displayed content of a document based on the opening application. (4) Execution of code on the victim's machine by silently launching an embedded executable. Finally, we propose a methodology to systematically protect against attacks based on legitimate-but-dangerous PDF document features.
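A triage check a defender might run over incoming documents to flag the kind of legitimate-but-dangerous features the abstract refers to. This is an added example, not the authors' methodology or tooling: the action names come from the PDF specification, while the mapping to attack classes, the `scan_pdf` helper and the sample bytes are assumptions made here.

```python
import re

# Action types (/S values) defined by the PDF specification. The grouping by
# attack class is this example's assumption, not taken from the talk.
RISKY_ACTIONS = {
    "Launch": "code execution",
    "JavaScript": "scripting (several classes)",
    "SubmitForm": "information disclosure",
    "URI": "information disclosure",
    "GoToR": "information disclosure",
    "ImportData": "data manipulation",
}
# Dictionary keys that can fire an action without a user click.
AUTO_TRIGGERS = {"OpenAction", "AA"}

WS = b"\x00\t\n\f\r "
NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /L#61unch is compared as Launch."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Flag risky action types and auto-trigger keys in raw PDF bytes.

    Limitation: objects inside compressed object streams are not visible
    here; decompress them first or treat the file as unscanned.
    """
    findings = {"actions": {}, "auto_triggers": set()}
    prev = None
    for m in NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in AUTO_TRIGGERS:
            findings["auto_triggers"].add(name)
        # An action type is the name that directly follows the /S key.
        follows_s = (prev is not None and decode_name(prev.group(1)) == "S"
                     and not data[prev.end():m.start()].strip(WS))
        if follows_s and name in RISKY_ACTIONS:
            findings["actions"][name] = RISKY_ACTIONS[name]
        prev = m
    return findings

# Constructed sample: object fragments only, not a complete PDF file.
SAMPLE = (b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /Type /Action /S /L#61unch /F (placeholder.bin) >> endobj\n"
          b"3 0 obj << /Type /Action /#53 /SubmitForm /F 4 0 R >> endobj\n")

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

Because the scan matches names anywhere in the byte stream, a hit is a reason to inspect or sanitize the document, not proof that it is malicious.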