I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was created, which allowed to trigger a callback to an attacker controlled SMB server and leak the users NTMLv2 hash. The used technique was fixed by Adobe (CVE-2018-4993).