Security Update For Foxit Reader

[Peaches]

23 June 2009, 12:32

Security update for Foxit Reader

Foxit Software has released a new version of Foxit Reader, a popular alternative to Adobe's Acrobat PDF Reader, to address two security vulnerabilities. According to the report, a problem when reading JPX (JPEG2000) streams in PDF documents could allow an attacker to remotely execute malicious code. For an attack to be successful, a victim must first be tricked into opening a specially crafted PDF document. Foxit Reader, only supports these streams if the user has installed the associated add-on, but if the add-on is not installed users are automatically prompted to install it when opening such a document.

The vulnerabilities have been fixed in Foxit Reader 3.0 Build 1817 and in version 2.0.2009.616 of the JPX add-on. All users are advised to update to the latest release by selecting the included "Check Updates Now" function in the Reader help menu to check for the current version of their installed add-ons. Additionally, disabling JavaScript in Foxit Reader (Edit / Preferences / JavaScript) can also reduce additional security risks.

Adobe has now also released an update for the Unix versions of the Adobe reader to address several previously reported security issues.

See also:

Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder, security advisory from Foxit Software.

Foxit Reader contains multiple vulnerabilities in the processing of JPX data, security advisory from US-CERT.

Heise security - http://www.h-online.com/security/Security-...r--/news/113592