According to Symantec's Sean Hittel:
- On March 20, our honeypots began detecting exploits for the Foxit PDF reader. Although it is not clear if this specific attacker intentionally wanted to target users of the Foxit Reader who had installed and not updated their software, or if the exploit was simply added to the attack toolkit when it became public, users should nonetheless review their installations to ensure that they are not vulnerable to this attack. Foxit has fixed all known security vulnerabilities, and you can review their security bulletins here.
Hittel said the FoxIt exploits are exploiting these known vulnerabilities and have been fitted into an exploit toolkit that serves a variety of software exploits.
As always, if you have FoxIt Reader installed on your machine, upgrade to FoxIt 3.0 immediately.