Foxit Patches Critical Vulnerability

Monday, January 21, 2013 @ 04:01 PM gHale


In order to address a critical remote code execution vulnerability that could allow attackers to compromise computers running previous versions of the software, Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday.

An attacker could exploit the vulnerability, located in the Foxit Reader browser plug-in for Mozilla Firefox, Google Chrome, Opera and Safari, by tricking users into opening an URL to a PDF document with an extremely long file name. The plug-in — npFoxitReaderPlugin.dll – installs by default unless users clear a checkbox during the Foxit Reader installation process.

RELATED STORIES
Foxit Reader Security Flaws
Adobe Fixes Acrobat, Reader, Flash
Malware Targets Java HTTP Servers
Adobe Shockwave Vulnerabilities

Foxit Reader 5.4.5 contains a patched version of the browser plug-in, Foxit said in an advisory published on its website. Users should upgrade to the newly released version by using the “Check for Updates Now” link under the application’s “Help” menu.

In its advisory, Foxit credits vulnerability research firm Secunia with discovering the flaw. However, independent security researcher Andrea Micalizzi really found the vulnerability.

Micalizzi publicly disclosed details about the vulnerability and how to exploit it on his website on Jan. 7, meaning it had Zero Day status at the time. Secunia credited Micalizzi in its own advisory on Jan. 8.

Foxit Reader pitches itself as a safer alternative to Adobe Reader. Foxit advertises the application as “the most secure PDF reader” on its website and said it has over 130 million users.

PDF exploits are not as common in Web-based attacks today as they were a few years ago. However, Web exploit toolkits used by cybercriminals still contain such exploits, the vast majority of which target vulnerabilities in outdated versions of Adobe Reader.

Newer versions of Adobe Reader like Adobe Reader X (10) and XI (11) have a sandboxing mechanism that makes the exploitation of remote code execution vulnerabilities very hard.

Some browser vendors are also trying to make it harder for attackers to use PDF exploits. Mozilla recently added a built-in PDF viewer to the beta version of Firefox and expects it to become a stable feature in the next version of the browser, Firefox 19.

Google Chrome has had a built-in PDF viewer since 2010. The component is actually built using Foxit’s PDF SDK (software development kit), but remains protected by the browser’s native sandbox.



Leave a Reply

You must be logged in to post a comment.