In association with heise online

05 April 2010, 08:25

New version of Foxit closes executable security hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Responding to the exploit developed by PDF security specialist Didier Stevens, Foxit has closed the pertinent security hole with the new version of Foxit Reader. Stevens' code, which is only available as a demo(direct download) version, exploits the ability of PDF readers to trigger the execution of non-PDF code, as described in the PDF specification. In previous versions of Foxit Reader, this process was started without giving users any warning.

Adobe has so far not responded to the exploit. However, Acrobat Reader at least issues a warning. As a workaround, users can disable the option " Allow Opening Of Non-PDF File Attachments With External Applications".


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit