Current Foxit Reader can execute malicious code
Security expert Andrea Micalizzi has discovered a critical vulnerability in the current Foxit Reader's browser plugin; according to the researcher, the hole can be exploited to inject malicious code. When a web page instructs the npFoxitReaderPlugin.dll plugin to open a PDF document from a very long URL, a stack-based buffer overflow occurs. Micalizzi's advisory also includes an exploit for the vulnerability.
Secunia has rated the hole highly critical. Foxit Reader installs the browser plugins for Chrome, Firefox, Opera and Safari by default. Since the current version 22.214.171.1248 (plugin version 126.96.36.1990) is affected, the only available protective measure is to disable the plugin in the browser. To do this in Firefox, click on the Firefox menu, select Tools and then select Add-ons, Plugins; in Chrome, the fastest way of accessing the plugin menu is to visit the