Security update for Foxit Reader 5 released

Foxit Software has released version 5.0.2 of its PDF Reader, a maintenance and security update that addresses two vulnerabilities in the application. According to the company, the update closes a hole, rated as "highly critical" by security specialist Secunia, caused by a memory boundary error that could result in a heap-based buffer overflow. For an attack to be successful, a victim must first open a specially crafted PDF file in a web browser.

A second Insecure Library Loading vulnerability that could be exploited by an attacker to execute arbitrary code when opening certain PDF files has also been fixed. The first vulnerability was discovered by Secunia's Dmitriy Pletnev, while the second bug was reported by Rob Kraus of Security Consulting Services. Versions up to and including Foxit Reader 5.0.x are said to be affected. Users are advised to upgrade to the latest 5.0.2 release to fix the above vulnerabilities.

Further details about the update can be found in the official release announcement and in the firm's security bulletins. Foxit Reader 5.0.2 is available to download from the company's web site. Alternatively, existing users can select "Check for Updates Now" under the Reader help menu to upgrade to the latest release.

See also:

• Fixed a security issue of arbitrary code execution when opening certain PDF files, a Foxit Software security advisory.
• Fixed an unexpected termination issue of Foxit Reader when opening certain PDF files in a web browser, a Foxit Software security advisory.

(crve)