Current Foxit Reader can execute malicious code
The vulnerable browser plugin is added by default during the installation of Foxit.
Security expert Andrea Micalizzi has discovered a critical vulnerability in the current Foxit Reader's browser plugin; according to the researcher, the hole can be exploited to inject malicious code. When a web page instructs the npFoxitReaderPlugin.dll plugin to open a PDF document from a very long URL, a buffer overflow is created on the stack. Micalizzi's advisory also includes an appropriate exploit for the vulnerability.
Secunia has rated the hole highly critical. Foxit Reader installs the browser plugins for Chrome, Firefox, Opera and Safari by default. Since the current version 5.4.4.1128 (plugin version 2.2.1.530) is affected, the only available protective measure is to disable the plugin in the browser. To do this in Firefox, click on the Firefox menu, select Tools and then select Add-ons, Plugins; in Chrome, the fastest way of accessing the plugin menu is to visit the chrome://plugins/ URL.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
