Foxit Reader security flaw

[Tinman57]

Foxit Reader security flaw reportedly allows attack
01.13.2013 9:28 AM

Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.

http://www.pcworld.c...y-allows-attack.html

[f0dder]

I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...

[Tinman57]

I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...

-f0dder (January 13, 2013, 06:44 PM)

  I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...

[mouser]

Just want to say thank you for posting the security tips, they are appreciated 

[f0dder]

I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...

-Tinman57 (January 13, 2013, 07:54 PM)

I never had a problem with FoxIt - it never installed a browser plugin. And I feel relatively safe using it, even if there's been a few exploits for it - I still don't think it has enough marketshare that there would be drive-by attacks for it anyway.

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds

[Tinman57]

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds

-f0dder (January 14, 2013, 06:20 AM)

  I've never heard of Sumatra before.  I just took a look at their web page.  It has eBook readers and other stuff built into it.  Looks nice, but I don't need all the extra readers it offers, and I've been so happy with PdfXchangeViewer I just can't get away from it.  lol

  Anyhow, your all welcome for the security heads-up.  Guess all that security reading I do is good for something.   

[Tinman57]

Foxit Patches Vulnerability, Updates Reader Product

Foxit fixed a vulnerability in its PDF reader product yesterday, eight days after it was discovered that an attacker could have leveraged to insert malicious code into documents.

http://threatpost.co...eader-product-011813