Highly Critical Security Flaw Found in Foxit Reader
The vulnerability can be exploited to execute arbitrary code.
Security consultant Andrea Micalizzi recently uncovered a vulnerability in Foxit Reader. Security firm Secunia has rated the flaw highly critical, stating, "Successful exploitation allows execution of arbitrary code."
"Essentially, to exploit Foxit, an attacker must get a user to open a PDF document on the web via an especially long URL," writes Threatpost's Christopher Brook. "Secunia ... warns that a boundary error in the reader’s browser plugin (npFoxItReaderPlugin.dll) can’t handle excessively long URLs and in turn, triggers a stack-based buffer overflow."
"Since the current version 22.214.171.1248 (plugin version 126.96.36.1990) is affected, the only available protective measure is to disable the plugin in the browser," The H Security reports.
"In the past, Foxit Reader has been suggested by some people in the security community as a more secure and less attacked alternative to Adobe Reader," notes Computerworld's Lucian Constantin. "In fact, Foxit, the company that develops the application, claims on its website that Foxit Reader is 'the most secure PDF reader' and is 'better than Adobe PDF Reader and Acrobat.' According to the company, the program is used by over 130 million users."