In association with heise online

21 January 2013, 08:52

Fixed Foxit Reader released

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Foxit Reader icon Foxit Software has released an update to the Foxit Reader browser plugin that closes a recently discovered critical hole in the PDF viewing extension. The advisory confirms that the unpatched plugin, version 5.4.4 and earlier, could be abused to execute arbitrary code.

The problem was caused by a boundary checking error in the npFoxitReaderPlugin.dll plugin code when processing a URL. When passed an overly long file name in the URL, the error failed to stop a stack-based buffer overflow occurring. Foxit says users can either run "Check for Updates Now" in the standalone Reader application to update to version 5.4.5 or download the updated edition from its web site.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit