Foxit fixes PDF reader security vulnerability

The vulnerability applies to Mozilla Firefox, Google Chrome, Opera and Safari, and essentially allows hackers to convince users to open a URL to a PDF document with an extremely long file name, giving them the ability to cause a stack-based buffer overflow. The vulnerability is caused by a boundary error in the Foxit Reader plugin for web browsers (npFoxitReaderPlugin.dll).

The plug-in is installed by default, but the Foxit Reader 5.4.5 patch is available here.

Independent security researcher Andrea Micalizzi first uncovered the flaw, as reported by research firm Secunia. 

The PDF exploit is not a common attack vector, especially for alternative options to Adobe’s native PDF reader. “When you think of PDF vulnerabilities and exploits, the first word that comes to mind is probably Adobe,” noted SophosLabs researcher Paul Ducklin. “That's because Adobe's PDF reader has long been the most prevalent product in the marketplace, and the most heavily targeted by attackers and researchers. But there are plenty of challengers in the PDF software market, and it's important to remember that just being different is not enough to deliver security on its own.”

However, there are likely to be an increasing amount of alternative PDF reader issues going forward. “Since Adobe released Reader X, with its security-oriented sandbox, crooks and researchers alike have found Adobe's PDF nut much harder to crack,” he added. “You can therefore expect other vendors of PDF software to start feeling some of the heat that would probably have been aimed entirely at Adobe in years gone by.”

What’s Hot on Infosecurity Magazine?