They posted on press section
Quote:
New Windows DLL hijacking vulnerability
30 AUG 2010
Further to a communication received today and a reported potential Windows vulnerability located affecting almost every application running on MS Windows operating systems (see links below) - how does the PDF-XChange Viewer fair ?
Here are the reports and Mcrosoft article giving further detail.
http://blog.metasploit.com/2010/08/expl ... flaws.html
and
https://www.microsoft.com/technet/secur ... 69637.mspx
and various others such as :
http://secunia.com/advisories/41197/
We have run all the suggested tests on both build 2.0050 and 2.0054 (the current latest release) of the PDF-XChange Viewer and concluded that whilst the initial tests suggest a potential flaw is possible - once the full tests are run - the results come back that the PDF-XChange Viewer is in fact not affected - on either build detailed.
After further exhaustive testing - we do accept however that there is still some (almost inconceivably small) potential 'latitude' for an exploit to occur and we will be adding additional security code to fully block any potential for substitute dll's to be used from any location other than the required genuine DLL's.
This build will be available (2.00.55) during the week beginning September 6th 2010 as part of our scheduled product update offering.
UPDATE - 13th September, 2010.
We have now releaseed build 2.055 and have included code to block any possibilty of the above occuring !
All existing users are advised to update from our downloads page or use the option in the Viewer itself : Help -> Check for Updates.
|
September 13th, 2010, 01:46 PM
PDF-XChange 2.0 build 55 fixes DLL vulnerability
Still weird that still isn't updated here then:
