A file format exploit takes advantage of a vulnerability that exists in the way that an application processes data in a particular file format, such as PDF, DOC, or JPEG. Most file format exploits are malicious files that are delivered to a human target through e-mail or an external storage device, such as a USB key.
A file format exploit enables you to create a single malicious file, such as a PDF, and use that file to compromise systems regardless of the operating system. A file format exploit runs when a human target opens the malicious file, and if their system is vulnerable to the exploit, you will be able to obtain shell access to their machine.
For example, you can create a PDF that contains an exploit, like the Adobe CoolType exploit. When a vulnerable target opens the PDF, the payload runs and creates a session between the target’s machine and the attacking machine.
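From the receiving side, a PDF attachment can be triaged before anyone opens it by counting the PDF name objects that point to active or embedded content, including embedded font programs, since CoolType is Adobe Reader's font-handling library. The following is an added example, not part of the original page; `triage_pdf`, `decode_name` and the sample bytes are constructed for illustration, and the check reads only the uncompressed parts of a file.

```python
import re

# PDF name objects that indicate active or embedded content worth a closer look.
SUSPECT_NAMES = {
    b"JavaScript", b"JS",   # script actions
    b"OpenAction", b"AA",   # actions triggered on open or on other events
    b"Launch",              # starts an external program
    b"EmbeddedFile",        # file attached inside the PDF
    b"FontFile2",           # embedded TrueType font program
}

# A name is "/" followed by any bytes that are not PDF whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Return {'is_pdf': bool, 'names': {name: count}} for raw file bytes."""
    # Readers tolerate leading bytes, so look for the header in the first 1024.
    is_pdf = b"%PDF-" in data[:1024]
    counts = {}
    if is_pdf:
        for match in NAME_RE.finditer(data):
            name = decode_name(match.group(1))
            if name in SUSPECT_NAMES:
                key = name.decode("ascii")
                counts[key] = counts.get(key, 0) + 1
    return {"is_pdf": is_pdf, "names": counts}


# Constructed sample: a harmless PDF fragment, not a working exploit.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (app.alert\\('hi'\\);) >> endobj\n"
    b"3 0 obj << /Type /FontDescriptor /FontFile2 4 0 R >> endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A non-empty `names` result is a reason to open the file only in an isolated viewer or sandbox, not proof that the file is malicious.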