Jump to content

Foxit Patches 12 Vulnerabilities in PDF Reader


RV_

Recommended Posts

If you run Foxit to avoid the risks of Adobe reader, you need to update now, and read the whole article to see why.

 

Excerpt:

 

"Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product.

 

The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressing vulnerabilities in builds 7.3.4.311 and earlier of the product. Details around the issues weren’t publicly disclosed until two days later, on Wednesday, in coordination with the Zero Day Initiative.

 

Like most PDF vulnerabilities, user interaction is required to exploit any of the vulnerabilities, meaning an attacker would have to trick a user into either visiting a malicious page or opening a malicious PDF file. While eight of the vulnerabilities can directly result in remote code execution, technically all of the vulnerabilities could be used to execute code; some just need to be chained together with other vulnerabilities to do so.

 

Five of the issues stem from a flaw in ConvertToPDF plugin, a Windows shell extension Foxit installs on machines alongside the Reader software for converting PDF files or combining supported files.

 

To exploit the vulnerabilities an attacker could use an image file – either a BMP, TIFF, GIF, or JPEG image – to trigger a read memory past the end of an allocated buffer, or object. From there, depending on the vulnerability, an attacker could either leverage the vulnerability as is, or use it in conjunction with other vulnerabilities to “execute code in the context of the current process.”

 

The rest of the article can be found here: https://threatpost.com/foxit-patches-12-vulnerabilities-in-pdf-reader/118993/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

This brings up a personal update. Since Windows 10 I have uninstalled Foxit reader and let the default Windows 10 pdf reader open all my pdf files. NO issues, and it gets updated monthly with Windows and my Office programs. Since I am now 100% Windows 10 I no longer need to use Foxit reader or Adobe (Ugh!)

 

One less program to check for updates.

 

If you have other third party programs it is wise to update them when the monthly updates for Windows come out, that is how I remember. However it has become such that I now use almost exclusively Windows default programs except for VLC for special uses. And the utilities like CCleaner from Piriform, which tell me when they need to be updated.

 

I spend little time on security as it is mostly automatic today with Defender and Malwarebytes Premium as my 1/2 punch. The rest come in with Windows updates.

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

RVers Online University

campgroundviews.com

RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...