New Vulnerability in Foxit Reader Allows Code Execution

Foxit Reader, a popular alternative to Acrobat Reader, contains a flaw, according to security services company Secunia, as reported by heiseSecurity on May 20, 2008.

Secunia, a vulnerability research firm, rates the flaw "highly critical" because it allows hackers to inject and run malicious programs such as trojans via PDF files. The bug also allows an attacker to gain full control over the attacked system.

According to a ZDNet report on May 20, 2008, the flaw results from a boundary error when parsing format strings that contain a floating-point specifier in the "util.printf()" JavaScript function. A crafted PDF file can exploit the error to cause a buffer overflow. Successful exploitation allows attackers to execute arbitrary code.
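The class of check involved, as an added example that is not Foxit's code (the page gives no implementation details): a formatter that accepts an untrusted floating-point spec, bounds its width and precision, and detects output that would not fit the buffer. The function names, the `OUT_MAX` and `FIELD_MAX` limits, and the accepted `%[width][.prec]f` grammar are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define OUT_MAX   64  /* assumed size of the fixed output buffer */
#define FIELD_MAX 32  /* assumed cap on width and precision */

/* Read decimal digits; return the value, or -1 if above FIELD_MAX. */
static int parse_field(const char **p)
{
    int n = 0;
    for (; isdigit((unsigned char)**p); (*p)++) {
        n = n * 10 + (**p - '0');
        if (n > FIELD_MAX)
            return -1;
    }
    return n;
}

/* Format v per an untrusted spec of the form %[width][.prec]f.
 * Returns 0 on success, -1 if the spec is rejected or the text would
 * not fit. Never writes past out[outsz - 1]. */
int format_float_checked(char *out, size_t outsz, const char *spec, double v)
{
    const char *p = spec;
    int width, prec = 6;        /* 6 is printf's default precision */
    if (outsz == 0 || *p++ != '%' || (width = parse_field(&p)) < 0)
        return -1;
    if (*p == '.') {
        p++;
        if ((prec = parse_field(&p)) < 0)
            return -1;
    }
    if (p[0] != 'f' || p[1] != '\0')
        return -1;              /* only a single float conversion */
    /* Literal format string: untrusted text never reaches printf. */
    int n = snprintf(out, outsz, "%*.*f", width, prec, v);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* result would have been truncated */
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[OUT_MAX];  /* constructed input: 1e308 as "%.2f" needs 312 bytes */
    return format_float_checked(out, sizeof out, "%.2f", 1e308) == -1 ? 0 : 1;
}
```

Capping width and precision is not sufficient on its own: a large value alone can expand to hundreds of digits under `%f`, which is why the `snprintf` return value is also checked.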

Further, the vulnerability affects version 2.3 build 2825 as well as other versions, as reported by ZDNet.

Secunia pointed out that the vulnerability would be fixed in version 2.3 build 2912, but the flawed 2828 version is still being served from Foxit's download page.

Meanwhile, commenting on the Foxit Reader bug, computer security specialists said that it is almost impossible for a typical computer user to install all the updated patches for his desktop applications. Some software providers employ automatic updates so that patches are installed on time. But if the user misses incoming vulnerability warnings, there is a strong possibility that the vulnerable applications on his system become exposed to hackers' attacks.

While the new vulnerabilities in Foxit Reader were reported this month, other vulnerabilities were discovered in April 2008 in the Windows edition of Foxit Reader version 2.2, a lightweight and popular PDF reader, as reported by TechRepublic in the last week of April 2008.

Soon after the discovery of the Foxit Reader 2.2 flaw, well-known security analyst Javier Vicente Vallejo commented that no known attack code for these vulnerabilities had appeared so far. However, erroneous coding when parsing PDF files could let hackers run harmful code through manipulated PDF files, as reported by TechRepublic in April 2008.

» SPAMfighter News - 29-05-2008