Vulnerable Browser Plug-in of Foxit Reader Facilitates System Compromise

One fresh security flaw within the browser plug-in of Foxit PDF reader a popular program recently was letting cyber-criminals to hijack PCs as well as plant malware. The zero-day flaw doesn't yet have a patch, reports The Register dated January 11, 2013.

Andrea Micalizzi, a security researcher from Italy found that the software's most recent version collapsed when end-users were deceptively made to click a lengthy web-address. The web-browser triggered the plug-in to become active so the PDF (portable document file) could be handled, while the plug-in instantly blasted, reported The Register.

However, the vulnerability didn't get activated with any booby-trapped file that was how computers having unprotected PDF reader software were normally infected. Rather, following any web-link leading onto a PDF, which proactively contained one lengthy string of characters added to the filename, resulted in certain heap-based stack within Foxit's plug-in.

Micalizzi highlights that the malicious script merely acts as one loop, which makes a duplicate of the whole web-address and pastes it inside an already decided heap stack size whilst hunting to obtain '%' escape scripts. Once this stack is smashed, it enables the attacker to randomly rewrite on the software application's memory as well as its buffer overflow, thereby compromising the processor.

Moreover, according to Micalizzi, the latest Foxit ver.5.4.4.1128 as well as the latest plug-in ver.2.2.1.530, both get straight away impacted with the said flaw whereas as per Secunia the Danish vulnerability company, more versions are likely impacted too.

And because the flaw has the capability for resulting in system hijack, Secunia assigns a 'highly critical' rating to it. Advisory Team Lead Chaitanya Sharma from Secunia reported the confirmation the company made about the flaw utilizing Safari, Opera and Firefox. Computerworlduk.com published this dated January 10, 2013.

A confirmation from Foxit is, however, awaited about the flaw's presence. Meanwhile, the Security Rapid Response Team of the company was provided information regarding the flaw to investigate further, stated one Sales & Service Representative of Foxit, and which Computerworlduk.com published.

Thus, Sharma concludes that for the time being, the add-on within Web-browsers must be disabled while other software used in its place.

Related article: Vulnerability Reported In IE 7 is an Outlook Flaw

» SPAMfighter News - 1/17/2013