Current Foxit Reader can execute malicious code

safeguy · Jan 14, 2013

ComputerSaysNo said:

Sumatra is a great PDF reader, but it's security through obscurity which time has proven doesn't work.
Click to expand...

SumatraPDf lacks sandboxing so that's 1 weak point. If you really want/need to, you can force it to use Low IL though.

http://blog.didierstevens.com/2010/10/11/pdf-dep-aslr-and-integrity-levels/

On the other hand, it doesn't support JavaScript and that itself renders most PDF exploits moot currently. It also has much less code compared to Adobe or Foxit.

Then there's also this:
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

ComputerSaysNo · Jan 14, 2013

Now I respect Didier Steven's so that exploit is all the more reason not to use PDF's.

ronjor · Jan 17, 2013

Foxit patches critical vulnerability in PDF viewer browser plug-in

By Lucian Constantin | IDG News Service

Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability that could have allowed attackers to compromise computers running previous versions of the software.
Click to expand...

http://www.infoworld.com/d/security...rability-in-pdf-viewer-browser-plug-in-211038

mick92z · Jan 18, 2013

PJC said:

I use Sumatra PDF (it is neat...without 'Bells & Whistles'...)

For most users, 99% of working with PDF files includes just Reading and Nothing more.
Click to expand...

Nice one Just installed it. Getting sick of Foxit, problems uninstalling, toolbar offers etc. Cheers
One thing i don't understand. I installed Sumatra on a laptop using default settings ( no plug in ) All was fine,. On my desktop, it would not read web pdf's, had to re-install and choose the plug in. How can that be

TheKid7 · Jan 21, 2013

Fixed Foxit Reader released:

Foxit Software has released an update to the Foxit Reader browser plugin that closes a recently discovered critical hole in the PDF viewing extension. The advisory confirms that the unpatched plugin, version 5.4.4 and earlier, could be abused to execute arbitrary code...........
Click to expand...

http://www.h-online.com/security/news/item/Fixed-Foxit-Reader-released-1787736.html

Thankful · Jan 28, 2013

Foxit Reader version 5.4.5.0124 released today (1/28/13)
http://www.foxitsoftware.com/downloads/

Log in or Sign up

Current Foxit Reader can execute malicious code

safeguy Registered Member

ComputerSaysNo Guest

ronjor Global Moderator

mick92z Registered Member

TheKid7 Registered Member

Thankful Savings Monitor

Log in or Sign up

Current Foxit Reader can execute malicious code

safeguy Registered Member

ComputerSaysNo Guest

ronjor Global Moderator

mick92z Registered Member

TheKid7 Registered Member

Thankful Savings Monitor

Useful Searches