In association with heise online

21 July 2011, 16:33

Security update for Foxit Reader 5 released

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Foxit Logo Foxit Software has released version 5.0.2 of its PDF Reader, a maintenance and security update that addresses two vulnerabilities in the application. According to the company, the update closes a hole, rated as "highly critical" by security specialist Secunia, caused by a memory boundary error that could result in a heap-based buffer overflow. For an attack to be successful, a victim must first open a specially crafted PDF file in a web browser.

A second Insecure Library Loading vulnerability that could be exploited by an attacker to execute arbitrary code when opening certain PDF files has also been fixed. The first vulnerability was discovered by Secunia's Dmitriy Pletnev, while the second bug was reported by Rob Kraus of Security Consulting Services. Versions up to and including Foxit Reader 5.0.x are said to be affected. Users are advised to upgrade to the latest 5.0.2 release to fix the above vulnerabilities.

Further details about the update can be found in the official release announcement and in the firm's security bulletins. Foxit Reader 5.0.2 is available to download from the company's web site. Alternatively, existing users can select "Check for Updates Now" under the Reader help menu to upgrade to the latest release.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1283749
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit