Fixed Foxit Reader released
Foxit Software has released an update to the Foxit Reader browser plugin that closes a recently discovered critical hole in the PDF viewing extension. The advisory confirms that the unpatched plugin, version 5.4.4 and earlier, could be abused to execute arbitrary code.
The problem was caused by a boundary checking error in the
npFoxitReaderPlugin.dll plugin code when processing a URL. When passed an overly long file name in the URL, the error failed to stop a stack-based buffer overflow occurring. Foxit says users can either run "Check for Updates Now" in the standalone Reader application to update to version 5.4.5 or download the updated edition from its web site.