Welcome Guest.   Make a donation to an author on the site April 19, 2014, 12:09:40 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2012! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Foxit Reader security flaw  (Read 998 times)
Tinman57
Charter Member
***
Posts: 1,697



Duck! It's another MicroSoft Patch!

View Profile Read user's biography. Give some DonationCredits to this forum member
« on: January 13, 2013, 06:13:24 PM »

Foxit Reader security flaw reportedly allows attack
01.13.2013 9:28 AM

Quote
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.

http://www.pcworld.com/ar...rtedly-allows-attack.html
Logged

((((TINMAN))))
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: January 13, 2013, 06:44:31 PM »

I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...
Logged

- carpe noctem
Tinman57
Charter Member
***
Posts: 1,697



Duck! It's another MicroSoft Patch!

View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: January 13, 2013, 07:54:35 PM »

I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...


  I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...
Logged

((((TINMAN))))
mouser
First Author
Administrator
*****
Posts: 32,668



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: January 13, 2013, 09:20:52 PM »

Just want to say thank you for posting the security tips, they are appreciated  thumbs up
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: January 14, 2013, 06:20:41 AM »

I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...
I never had a problem with FoxIt tongue - it never installed a browser plugin. And I feel relatively safe using it, even if there's been a few exploits for it - I still don't think it has enough marketshare that there would be drive-by attacks for it anyway.

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds smiley
Logged

- carpe noctem
Tinman57
Charter Member
***
Posts: 1,697



Duck! It's another MicroSoft Patch!

View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: January 14, 2013, 04:48:37 PM »

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds smiley

  I've never heard of Sumatra before.  I just took a look at their web page.  It has eBook readers and other stuff built into it.  Looks nice, but I don't need all the extra readers it offers, and I've been so happy with PdfXchangeViewer I just can't get away from it.  lol

  Anyhow, your all welcome for the security heads-up.  Guess all that security reading I do is good for something.   Wink
Logged

((((TINMAN))))
Tinman57
Charter Member
***
Posts: 1,697



Duck! It's another MicroSoft Patch!

View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: January 21, 2013, 07:43:26 PM »

Foxit Patches Vulnerability, Updates Reader Product

Quote
Foxit fixed a vulnerability in its PDF reader product yesterday, eight days after it was discovered that an attacker could have leveraged to insert malicious code into documents.


http://threatpost.com/en_...tes-reader-product-011813
Logged

((((TINMAN))))
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.038s | Server load: 0.21 ]