In association with heise online

10 September 2012, 16:36

Foxit Reader 5.4 fixes DLL hijacking vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Foxit Reader logo The recent 5.4 release of Foxit Software's proprietary PDF Reader addresses a DLL hijacking vulnerability that could be exploited by an attacker to compromise a victim's system. According to the company, previous versions of its software contained a security hole that allowed it to call and execute malicious code stored in an infected Dynamic Link Library (DLL) file.

For an attack to be successful, a victim must first open a PDF file in the same directory as a specially crafted version of a system DLL file. This could occur, for example, when an attacker publishes a PDF file on a WebDAV or SMB share and places the crafted DLL in the same shared folder. When the file is opened, Foxit is loaded and begins to load system libraries, but because of a programming oversight, it will first look for some of these libraries in the directory it loaded the PDF from. So a malicious DLL with the same name as a system library that is searched for can inject itself into the application and have its code executed.

Versions up to and including Foxit Reader are affected. The company credits Remy Brands with discovering the issue on 24 August. While Foxit notes that it corrected the problem just two days later, it only released Foxit Reader 5.4, which contains the fix, on 6 September.

Further information about the 5.4 update, including a list of new features, can be found in the release announcement. Foxit Reader 5.4 is available to download from the company's site; existing users can upgrade to the new version by selecting the "Check for Updates Now" option under the Reader help menu.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit