Peaches
Posted March 10, 2009

9 March 2009, 17:33
Security updates for Foxit Reader

A newly released version of the Foxit PDF reader fixes three security vulnerabilities. One of the vulnerabilities is based on a buffer overflow exploit that allows an attacker to inject and remotely execute code when a user opens a specially crafted PDF document. The bug can be found in version 3 of the software and is based on the processing of overly long file names.

A manipulated JBIG2 compression table could be used to create an uninitialised array. Values from this uninitialised memory could be accessed and used as pointers, allowing an attacker to read memory and perform calls. Versions 3.0 and 2.3 of Foxit Reader are both affected.

The third vulnerability relied on the user opening a crafted PDF file created by an attacker which would execute a file or open a web link. Normally such triggers would generate a warning dialogue box requesting the user's confirmation, but in the case of this exploit, the dialogue box is suppressed.

The vulnerabilities have been fixed in Foxit 3.0 Build 1506 and 2.3 Build 3902 and all users are advised to upgrade.

Heise security - http://www.h-online.com/security/Security-...r--/news/112805