Vulnerability in Foxit PDF Reader
Javier Vicente Vallejo has discovered vulnerabilities in Foxit Reader, an alternative PDF reader for Windows, that could enable attackers to smuggle in and execute harmful code. Users of the software need only open a manipulated PDF file to suffer damage.
According to Vallejo's vulnerability reports, Foxit Reader 2.2 malfunctions while parsing manipulated PDF files that contain a /Font folder in an /ExtGState structure. Vallejo says manipulated /XObject resources in a PDF file can also cause injected code to be executed if, for example, they are rotated using a /Rotate field in the PDF.
Foxit Software has not yet published an updated version to plug the security hole. For the time being, users of Foxit Reader 2.2 and older versions should therefore avoid PDF files from untrustworthy sources, or else switch to Adobe Reader.
See also:
- Foxit Reader 2.2 vulnerability opening malformed pdf, vulnerability report by Javier Vicente Vallejo
- download of the current Foxit Reader
(trk)