Subject: General Tech | January 14, 2013 - 02:00 PM | Jeremy Hellstrom
Tagged: pdf, foxit, security, fud
The Register has some bad news about that PDF reader you prefer to Adobe's software, a new vulnerability which does not even stem from booby-trapped document but from a long link name. It seems that you can cause a buffer overflow in Foxit simply by copying the entire URL into a fixed-sized buffer when the user clicks on a PDF which "pretty much lets you write to a memory location of your choice". 188.8.131.528 and older version are vulnerable and we have yet to hear from the creators of Foxit. Looks like no PDF reader is safe at this point.
"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.
Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."
Here is some more Tech News from around the web:
- Weekend Project: Linux For Beginners @ Linux.com
- HP Photosmart 5520 Review @ TechReviewSource
- Tech Reports's big CES 2013 digest
- We drop a Corsair Survivor 16GB pen drive from 10th floor hotel room at CES on video - does it survive? @ Tweaktown
- TechwareLabs CES 2013 Coverage: Part 2
- Bjorn3D CES 2013 Coverage
- CES 2013: Kingston HyperX 10-Year Anniversary Party & Starcraft II Tournament @ Legit Reviews
- CES 2013 Report @ Neoseeker
- Ten stars of CES 2013: Who made the biggest splash? @ The Register