I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was created, which allowed to trigger a callback to an attacker controlled SMB server and leak the users NTMLv2 hash. The used technique was fixed by Adobe (CVE-2018-4993).

https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html