ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Foxit PDF Reader being exploited in the wild

By | March 25, 2009, 8:53am PDT

Summary: Adobe isn’t the only PDF software maker facing in-the-wild malware attacks. Just weeks after the availability of patches for critical security flaws in the popular FoxIt Reader, there is word that malicious hackers are already targeting unpatched versions of the software. According to Symantec’s Sean Hittel: On March 20, our honeypots began detecting exploits for the Foxit PDF [...]

Adobe isn’t the only PDF software maker facing in-the-wild malware attacks.

Just weeks after the availability of patches for critical security flaws in the popular FoxIt Reader, there is word that malicious hackers are already targeting unpatched versions of the software.

According to Symantec’s Sean Hittel:

  • On March 20, our honeypots began detecting exploits for the Foxit PDF reader. Although it is not clear if this specific attacker intentionally wanted to target users of the Foxit Reader who had installed and not updated their software, or if the exploit was simply added to the attack toolkit when it became public, users should nonetheless review their installations to ensure that they are not vulnerable to this attack. Foxit has fixed all known security vulnerabilities, and you can review their security bulletins here.

[ SEE: Secunia finds 'highly critical' Foxit Reader Flaw ]

Hittel said the FoxIt exploits are exploiting these known vulnerabilities and have been fitted into an exploit toolkit that serves a variety of software exploits.

As always, if you have FoxIt Reader installed on your machine, upgrade to FoxIt 3.0 immediately.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Software, Malware, Exploit, Foxit, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

5
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Foxit PDF Reader being exploited in the wild
birumut Updated - 3rd May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
View in thread
0 Votes
+ -
Exploits not successful on PDF-XChange
bugmenot2 25th Mar 2009
I use PDF-Xchange Viewer, which allows me to disable Javascript (last version of Foxit I tested did NOT allow this, so I dumped it). I tested to PoC exploits linked to in the article, and PDFXChg told me it wanted to open Notepad and asked for confirmation, or it told me it wanted to open C:\AAAAAAAAAAAAA...AAAA, again asking for confirmation.
0 Votes
+ -
Latest version of Foxit allows Javascript to be disabled.
D. W. Bierbaum 27th Mar 2009
I just checked. It's a checkbox under Edit-> Preferences-> JavaScript called "Allow Javascript Actions"
0 Votes
+ -
RE: Foxit PDF Reader being exploited in the wild
hbracer 25th Mar 2009
The key is to keep checking in with Foxit for updates that get rid of bugs/malware. They have great online support and forums that if you post a question or problem they are usually able to answer it within 24 hours.
0 Votes
+ -
My own reasoning on this is:
D. W. Bierbaum 27th Mar 2009
All software has vulnerabilities, and those weaknesses will be exploited if the software is popular.

For me, I'll still prefer Foxit to Adobe's own reader just because of all the effort required to trim back what Adobe installs. I don't NEED a download manager or many autostart processes, and I don't want a reader that takes time to start without an autostarted process/service. I DO WANT control over what all is being installed with the reader.
0 Votes
+ -
RE: Foxit PDF Reader being exploited in the wild
birumut Updated - 3rd May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix