In association with heise online

24 April 2008, 12:59

Vulnerability in Foxit PDF Reader

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Javier Vicente Vallejo has discovered vulnerabilities in Foxit Reader, and alternative PDF reader for Windows that could enable attackers to smuggle in and execute harmful code. Users of the software need only open a manipulated PDF file to suffer damage.

According to Vallejo's vulnerability reports, Foxit Reader 2.2 malfunctions while parsing manipulated PDF files that contain a /Font folder in an /ExtGState structure. Vallejo says manipulated /XObject resources in a PDF file can also cause interposed code to be executed if, for example, they are rotated using a /Rotate field in the PDF.

Foxit Software has not yet published an updated version to plug the security hole. For the time being, users of Foxit Reader 2.2 and older versions should therefore avoid PDF files from non-trustworthy sources, or else switch over to external Adobe Reader.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit