republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   News
home

Foxit Reader Security Release - Get it Now!
(old news - 03:21PM Monday Mar 09 2009)
Foxit Reader 3.0 Build 1506
Mar 9, 2009

"Foxit has fixed three major vulnerabilities below which would cause the application to crash and could potentially allow an attacker to take control of the affected system. Foxit took these issues seriously and our Technical Team resolved the relevant security issues efficiently within a couple days, and now Foxit Reader 3.0 is even more stable than before.

Foxit also confirms that the earlier version, Foxit Reader 2.3, is also vulnerable to security authorization bypass issue and JBIG2 symbol dictionary processing issue, and they have been fixed at the same time. Today, Foxit also released the updated version of Foxit Reader V2.3 Build 3902. So, those who keep using this old version can download the updated version from here now.

The ask.com toolbar Foxit is bundling, is NOT the same version as reported on secunia.com, and doesn't have the reported vulnerability.

Vulnerabilities Fixed:
Fixed the issue of stack-based buffer overflow.
Foxit PDF files include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files with an overly long filename argument and the trigger condition is satisfied, it will cause a stack-based buffer overflow.

Fixed the issue of security authorization bypass.
If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files and the trigger condition is satisfied, Foxit Reader will do the action defined by the creator of the PDF file without popping up a dialog box to confirm.

Fixed the issue of JBIG2 Symbol Dictionary Processing
While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialised if the number of new symbols is zero. The array is later accessed and values from uninitialised memory are used as pointers when reading memory and performing calls."

Foxit Reader V3.0 Build 1506
Installer with Toolbar / MSI - No Toolbar /Zip(Portable non-install - no toolbar):
http://www.foxitsoftware.com/pdf/reader/down_reader.htm

Foxit Reader 2.3 Build 3902
Click on the More Download for file choices
http://www.foxitsoftware.com/downloads/

comments?




Tuesday, 10-Nov 11:29:44 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole