ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Foxit Reader security flaw

(1/2) > >>

Tinman57:
Foxit Reader security flaw reportedly allows attack
01.13.2013 9:28 AM

Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.
--- End quote ---

http://www.pcworld.com/article/2025154/foxit-reader-security-flaw-reportedly-allows-attack.html

f0dder:
I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...

Tinman57:
I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...

-f0dder (January 13, 2013, 06:44 PM)
--- End quote ---

  I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...

mouser:
Just want to say thank you for posting the security tips, they are appreciated  :up:

f0dder:
I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...-Tinman57 (January 13, 2013, 07:54 PM)
--- End quote ---
I never had a problem with FoxIt :P - it never installed a browser plugin. And I feel relatively safe using it, even if there's been a few exploits for it - I still don't think it has enough marketshare that there would be drive-by attacks for it anyway.

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds :)

Navigation

[0] Message Index

[#] Next page

Go to full version