X
Business
Home Business Executive

Secunia finds 'highly critical' Foxit Reader Flaw

Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.
Written by Ryan Naraine, Contributor
Secunia finds ‘highly critical’ Foxit Reader Flaw
Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.

According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.

The skinny:

The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file.   Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.3 build 2825. Other versions may also be affected.

Secunia says vulnerability is fixed in an upcoming version 2.3 build 2912 but, inexplicably, the vulnerable build 2828 is currently being delivered from Foxit's download page (see image above).

For the average computer user, it's near impossible to keep up with patches for all the installed desktop applications.  Some software vendors are using automatic updates to ensure patches are deployed in a timely manner but, unless you are savvy enough to keep an eye out for vulnerability warnings, chances are there's a vulnerable software on your machine, leaving you exposed to malicious hacker attacks.

[ SEE: Ten free security utilities you should already be using ]

There's no clear cut solution to handle client-side patch management but, for starters, I like to recommend Secunia's PSI (personal software inspector), a free utility that scans Windows machines in search unpatched software products.  The tool  works by by examining files on your computer (primarily .exe, .dll, and .ocx files) for meta information on specific software builds installed. After examining all the files on the machine, the collected data is sent to Secunia’s servers and matched against the Secunia File Signatures engine to determine the exact applications installed on your system.

The Secunia PSI can be used to flag insecure/end-of-life software and find direct download links to missing security updates. It monitors more than 4,200 desktop applications.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Placeholder product image alt text

The best AI image generators to try right now

Microsoft Copilot

The best AI chatbots: ChatGPT isn't the only one worth trying