05 April 2010, 08:25
New version of Foxit closes executable security hole
Responding to the exploit developed by PDF security specialist Didier Stevens, Foxit has closed the pertinent security hole with the new version 3.2.1.0401 of Foxit Reader. Stevens' code, which is only available as a demo(direct download) version, exploits the ability of PDF readers to trigger the execution of non-PDF code, as described in the PDF specification. In previous versions of Foxit Reader, this process was started without giving users any warning.
Adobe has so far not responded to the exploit. However, Acrobat Reader at least issues a warning. As a workaround, users can disable the option " Allow Opening Of Non-PDF File Attachments With External Applications".
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-970102
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
