Security update for Foxit Reader
Foxit Software has announced the release of version 4.3.1.0218 of its PDF Reader product, a maintenance update that addresses a "highly critical" security vulnerability. According to Foxit, the patch corrects an issue in which opening a specially crafted document could cause an integer overflow while processing specific ICC profiles, which in turn leads to a heap-based buffer overflow. An attacker could use this, for example, to compromise a user's system by terminating the application or executing arbitrary code.
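The bug class described above, as an added illustration (not Foxit's code; the page does not say where in ICC processing the flaw sits): a C validator for an ICC profile's tag table that bounds untrusted 32-bit fields by division and subtraction, so they cannot wrap before a buffer is sized or indexed. The layout (128-byte header, 12-byte tag entries) follows the public ICC format; `icc_validate` and `icc_check_sample` are hypothetical names, and the sample profile is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#define ICC_HEADER_LEN 128u  /* fixed header size in the public ICC format */
#define ICC_TAG_ENTRY  12u   /* tag entry: signature, offset, size (4 bytes each) */

/* ICC stores all integers big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Returns 0 if the tag table and every tag lie inside the profile, else -1.
 * Untrusted 32-bit fields are bounded by division and subtraction; they are
 * never multiplied or added before being checked, so nothing can wrap. */
int icc_validate(const uint8_t *buf, size_t len) {
    if (len < ICC_HEADER_LEN + 4u) return -1;
    uint32_t total = be32(buf);               /* declared profile size */
    if (total < ICC_HEADER_LEN + 4u || total > len) return -1;

    uint32_t count = be32(buf + ICC_HEADER_LEN);
    uint32_t room = total - (ICC_HEADER_LEN + 4u);
    /* Naive "count * 12 > room" wraps: 0x15555556 * 12 == 8 in 32 bits. */
    if (count > room / ICC_TAG_ENTRY) return -1;
    uint32_t table_end = ICC_HEADER_LEN + 4u + count * ICC_TAG_ENTRY;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_LEN + 4u + i * ICC_TAG_ENTRY;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off < table_end || off > total) return -1;
        /* Naive "off + size > total" wraps for a huge size. */
        if (size > total - off) return -1;
    }
    return 0;
}

/* Constructed 256-byte sample profile: declared tag count plus one tag
 * entry with the given offset and size. Returns icc_validate()'s verdict. */
int icc_check_sample(uint32_t count, uint32_t off, uint32_t size) {
    uint8_t buf[256] = {0};
    put32(buf, (uint32_t)sizeof buf);
    put32(buf + ICC_HEADER_LEN, count);
    put32(buf + ICC_HEADER_LEN + 4, 0x64657363u);  /* 'desc' signature */
    put32(buf + ICC_HEADER_LEN + 8, off);
    put32(buf + ICC_HEADER_LEN + 12, size);
    return icc_validate(buf, sizeof buf);
}
```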
Versions up to and including Foxit Reader 4.3.1.0118 and Foxit Phantom 188.8.131.522 are reportedly affected. Foxit says that it plans to release an update for its Phantom PDF Suite later this week – the latest version is 2.2.3. All users are advised to upgrade.
Further details about the Foxit Reader update can be found in the official release announcement and in the firm's security bulletin. Foxit Reader 4.3.1.0218 is available to download from the company's site. Alternatively, existing users can select "Check for Updates Now" via the Reader help menu to upgrade to the latest release.
- Foxit Reader ICC Processing Integer Overflow Vulnerability, security advisory from Secunia.