Hacker News: thursley's comments

In my experience this can be caused by a load balancer, for example not being able to route (properly) to servers in the pool, or a difference in configuration/patch level between them.


Snort IDS rules to detect abuse can be found here: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-liv...


Writeup of the network monitoring service that discovered the infection: http://blog.fox-it.com/2013/02/21/writeup-on-nbc-com-distrib...


This was/is an infamous modem vulnerability: http://www.securityspace.com/smysecure/catid.html?id=10020

It could force a modem to hang up and redial a number.


Not a vulnerability, really. And the redial was a separate process, possibly automatic. (Edit: OK, yes it is. It's more a protocol vulnerability and a data handling weakness -- the modems just implemented the protocol, but that's just semantics.)

+++ is the Hayes command set string to enter command mode. AT is the prefix for commands, and H0 means "set switchhook to zero", i.e. "hang up". (H1 means "go off hook", DT means dial using touch tones, DP means dial using pulses, etc.)

The first two components (+++ and AT) are configurable, but no one ever changed them.

This is really just a weakness of in-band signaling. For this to work, you need a human on the modem side to type the escape and command strings -- or a program on the modem side that takes unfiltered data from the network and sends it back out without escaping.

That's the vulnerability. Accepting data from untrusted sources will always take you somewhere bad, and there are much worse things you can do to modems than make them hang up. If IRC clients would parrot tainted data back up the serial line, great havoc could be caused.
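The in-band signalling problem described in this thread, as an added example (not the commenter's code): a small Hayes command-line parser for the verbs named above (H0, H1, DT, DP), a detector that flags relayed network data carrying the escape sequence followed by a hang-up, and a sanitiser a relay could apply before writing untrusted data to the serial line. The command table, the sample payloads and the choice to break up runs of '+' with a space are constructed assumptions for illustration.

```python
"""Detect and neutralise Hayes in-band escape sequences in data relayed to a modem.

Added example: the meanings table is a constructed subset of the Hayes command set
(only the verbs mentioned in the thread); the sample payloads are made up.
"""
import re
from typing import List, Optional, Tuple

# Constructed subset of the Hayes command set: verb+argument -> meaning.
HAYES_MEANINGS = {
    "H0": "hang up (switchhook on hook)",
    "H1": "go off hook",
    "DT": "dial using touch tones",
    "DP": "dial using pulses",
}

ESCAPE = "+++"  # default escape sequence; 'AT' is the command prefix
AT_LINE = re.compile(r"(?P<esc>\+\+\+)?AT(?P<body>[A-Z0-9,;*#]*)", re.IGNORECASE)

Command = Tuple[str, str, str]  # (verb, argument, meaning)


def parse_at_line(line: str) -> Optional[Tuple[bool, List[Command]]]:
    """Parse one command line such as '+++ATH0' or 'ATDT5551234'.

    Returns (escape_seen, commands), or None if the line is not an AT line.
    A missing numeric argument defaults to 0, so 'ATH' is read as 'ATH0'.
    """
    m = AT_LINE.fullmatch(line.strip())
    if m is None:
        return None
    body = m.group("body").upper()
    commands: List[Command] = []
    i = 0
    while i < len(body):
        verb = body[i]
        i += 1
        if verb == "D":
            # Dial: optional modifier (T tone / P pulse), then the dial string.
            modifier = body[i] if i < len(body) and body[i] in "TP" else ""
            i += len(modifier)
            j = i
            while j < len(body) and not body[j].isalpha():
                j += 1
            arg = modifier + body[i:j]
            key = "D" + modifier
        else:
            # Other verbs take an optional numeric argument.
            j = i
            while j < len(body) and body[j].isdigit():
                j += 1
            arg = body[i:j] or "0"
            key = verb + arg
        i = j
        commands.append((verb, arg, HAYES_MEANINGS.get(key, "not modelled")))
    return bool(m.group("esc")), commands


# Escape sequence, optional whitespace, then a hang-up (H0 or bare H; H1 is off-hook).
HANGUP_INJECTION = re.compile(rb"\+\+\+[\r\n ]*ATH0?(?![0-9])", re.IGNORECASE)


def is_hangup_injection(payload: bytes) -> bool:
    """Flag relayed data (e.g. a chat line a client would echo to the modem)
    that carries the escape sequence followed by a hang-up command."""
    return HANGUP_INJECTION.search(payload) is not None


def neutralize_escape(text: str) -> str:
    """Break any run of three or more '+' so the modem never sees the escape
    sequence contiguously. Assumes the relay may alter display text: a space is
    inserted after every second '+' of the run."""
    def split_run(m: "re.Match[str]") -> str:
        run = m.group(0)
        return " ".join(run[k:k + 2] for k in range(0, len(run), 2))

    return re.sub(r"\+{3,}", split_run, text)


if __name__ == "__main__":
    # Constructed sample: a chat payload an unfiltered relay would echo to the serial line.
    sample = b"PRIVMSG #chan :+++ATH0\r\n"
    print(parse_at_line("+++ATH0"))
    print("flagged:", is_hangup_injection(sample))
    print("sanitised:", neutralize_escape(sample.decode()))
```

The detector is the kind of check an IDS or a relay would apply to inbound data; the sanitiser is the per-write escaping the comment says a careful modem-side program must do. Changing the escape string on the modem itself (the thread notes it is configurable) is the complementary mitigation.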


More technical details (pdf) on: http://www.crysys.hu/skywiper/skywiper.pdf

Although the naming differs it has been noted on several blogs that it is the same malware.


I always hesitate a little bit when I open a PDF, especially when it is one on malware.


Note that while the exploit is in the PDF, the vulnerability is in the PDF reader. In practice, Adobe's software is the only attack surface anyone ever exploits, so you can read exploit-laden PDFs worry-free by using a less popular alternative. The same is true with Word/Excel files, etc.

You should still have some kind of comprehensive security solution in place, particularly for a business environment, but use of non-standard software is an effective fail-safe for when your "real" security craps out on you (as it inevitably will).


I've no idea why everyone only exploits Adobe's software though. For instance, pretty much all the open source PDF readers are based on a single PDF library called Poppler with a history of security vulnerabilities - exploit that and you should be able to exploit all of them in one fell swoop.


Would opening a PDF via Chrome, for example, provide any extra protection? From what I understand most of the exploits are because of embedded media, no?


Extra protection as opposed to opening it in Adobe Reader, yes, most likely. Chrome has a sandbox for PDFs as far as I'm aware; they also provide a lot of big bug bounties to people who find any remote execution bugs in Chrome. So, in conclusion, yes, Chrome provides relatively more security than other software when opening PDFs.


Even better would be Firefox's JavaScript-based PDF reader.


You can always open it inside a throwaway VM. I keep a couple ;-)


It depends: will you render it using Adobe's software?


IIRC, both Adobe Reader "Protected Mode"[1] and the Chromium "sandbox"[2] are built on the Windows user-mode sandbox framework[3]. Basically, things like the principle of least privilege, disabling writes, etc.

[1] http://blogs.adobe.com/asset/2010/10/inside-adobe-reader-pro...

[2] http://dev.chromium.org/developers/design-documents/sandbox

[3] http://blogs.msdn.com/b/david_leblanc/archive/2007/07/27/pra...


Security is all about execution: Chrome has an enviable track record; Adobe has an embarrassing one. They could change that, but it's unclear that they're motivated to build up serious security competency (if they were, the manager in charge of their update process would be fired for cause).


Use Chrome! It's probably more secure than downloading the PDF and opening it with Adobe software.


Adobe Reader X actually has a decent sandbox ... but you're generally correct, I would trust Chrome more.


Wow, I take back my statement. I have more respect for Adobe now.


For what it's worth, if you're using OS X Lion, Preview is sandboxed.


> sKyWIper may have been active for as long as five to eight years

spooky.

