topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 12, 2024, 9:59 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Foxit Reader security flaw  (Read 4756 times)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Foxit Reader security flaw
« on: January 13, 2013, 06:13 PM »
Foxit Reader security flaw reportedly allows attack
01.13.2013 9:28 AM

Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.

http://www.pcworld.c...y-allows-attack.html

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Foxit Reader security flaw
« Reply #1 on: January 13, 2013, 06:44 PM »
I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...
- carpe noctem

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Foxit Reader security flaw
« Reply #2 on: January 13, 2013, 07:54 PM »
I wonder if the standalone is exploitable as well?

I avoid PDF browser plugins like the plague, both because of exploitability (though Adobe's is the only one I think is likely to be mass-targeted?), but also because I really hate the UX of in-browser PDF.

Having the standalone exploitable would also be bad, but obviously in-browser is the main issue, drive-bys and such. If you're at a point where you're consciously downloading a PDF, if it has malware then you're probably falling prey to some pretty targeted attack...


  I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Foxit Reader security flaw
« Reply #3 on: January 13, 2013, 09:20 PM »
Just want to say thank you for posting the security tips, they are appreciated  :up:

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Foxit Reader security flaw
« Reply #4 on: January 14, 2013, 06:20 AM »
I've never had a problem with PdfXchangeViewer.  I dumped Foxit years ago in favor of it...
I never had a problem with FoxIt :P - it never installed a browser plugin. And I feel relatively safe using it, even if there's been a few exploits for it - I still don't think it has enough marketshare that there would be drive-by attacks for it anyway.

I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds :)
- carpe noctem

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Foxit Reader security flaw
« Reply #5 on: January 14, 2013, 04:48 PM »
I've considered moving to Sumatra, though, since it's opensource and even more lightweight and fast than foxit. It had some stability issues some years back, but I've been using it for primary PDF viewer on my work laptop for a while, and it seems to work pretty well nowadays...

Anyway, as mouser says, thanks for posting the security tips - it's good to get some focus on these things for people who don't follow security-related blogs & RSS feeds :)

  I've never heard of Sumatra before.  I just took a look at their web page.  It has eBook readers and other stuff built into it.  Looks nice, but I don't need all the extra readers it offers, and I've been so happy with PdfXchangeViewer I just can't get away from it.  lol

  Anyhow, your all welcome for the security heads-up.  Guess all that security reading I do is good for something.   ;)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Foxit Patch
« Reply #6 on: January 21, 2013, 07:43 PM »
Foxit Patches Vulnerability, Updates Reader Product

Foxit fixed a vulnerability in its PDF reader product yesterday, eight days after it was discovered that an attacker could have leveraged to insert malicious code into documents.


http://threatpost.co...eader-product-011813