That safe and secure Foxit plugin you use?

Subject: General Tech | January 14, 2013 - 02:00 PM |
Tagged: pdf, foxit, security, fud

The Register has some bad news about that PDF reader you prefer to Adobe's software: a new vulnerability that does not even stem from a booby-trapped document but from a long link name.  It seems the Foxit plugin copies the entire URL into a fixed-size buffer when the user clicks on a PDF, so an overly long URL causes a buffer overflow which "pretty much lets you write to a memory location of your choice".  Version 5.4.4.1128 and older are vulnerable, and we have yet to hear from the creators of Foxit.  Looks like no PDF reader is safe at this point.
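The copy pattern described above, next to a length-checked version, as an added example that is not Foxit's code. The buffer size, function names and sample URLs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_SIZE 256  /* assumed size; the page does not state the real one */

/* Unsafe pattern: the whole URL is copied with no length check, so any URL
 * of URL_BUF_SIZE bytes or more writes past the end of dst. */
static void store_url_unchecked(char *dst, const char *url) {
    strcpy(dst, url);
}

/* Hardened form: measure first, reject what does not fit, never truncate
 * silently (a truncated URL could point somewhere else entirely). */
static int store_url_checked(char *dst, size_t dst_size, const char *url) {
    const char *end;
    size_t len;
    if (dst == NULL || url == NULL || dst_size == 0)
        return -1;
    end = memchr(url, '\0', dst_size);  /* look no further than dst_size bytes */
    if (end == NULL) {                  /* URL plus terminator does not fit */
        dst[0] = '\0';
        return -1;
    }
    len = (size_t)(end - url);
    memcpy(dst, url, len + 1);          /* len + 1 <= dst_size is guaranteed */
    return 0;
}

/* Builds a constructed test URL of exactly total_len characters (>= 20). */
static void make_url(char *out, size_t total_len) {
    const char *prefix = "http://example.test/";  /* constructed sample host */
    size_t p = strlen(prefix);
    memcpy(out, prefix, p);
    memset(out + p, 'A', total_len - p);
    out[total_len] = '\0';
}

int main(void) {
    char buf[URL_BUF_SIZE], url[1024];
    make_url(url, 100);
    store_url_unchecked(buf, url);      /* only safe because 100 < 256 */
    printf("100-char URL:  %d\n", store_url_checked(buf, sizeof buf, url));
    make_url(url, 1000);
    printf("1000-char URL: %d\n", store_url_checked(buf, sizeof buf, url));
    return 0;
}
```

The checked version returns -1 and leaves an empty string for any URL that does not fit, so the caller can refuse to load the document.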


"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."


Source: The Register
January 14, 2013 | 03:59 PM - Posted by Goofus Maximus (not verified)

Well, I never bought the Foxit Kool-Aid on security. I use it for its lighter weight and snappy performance, though lately that too has become less "snappy". I've just never used plugins for document viewing of any type.

Combine this with my recent unchecking of the "enable content in the browser" check-box, and my uninstall of Shockwave (not Flash), and Flash and Silverlight are my only plugin vulnerabilities. For the rest, I'm just going to rely on NoScript to keep myself less unsafe!

January 15, 2013 | 12:07 AM - Posted by castlefox (not verified)

Well I liked using a PDF reader called Sumatra.

Thanks for keeping aware about Foxit.

January 15, 2013 | 12:41 AM - Posted by Jingles (not verified)

I ditched Foxit a long time ago for Nitro PDF.
