Current Foxit Reader can execute malicious code

Discussion in 'other security issues & news' started by ronjor, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://www.h-online.com/security/ne...eader-can-execute-malicious-code-1780636.html
     
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    After Adobe Acrobat Reader, Foxit reader...;)
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It is only natural that if a tool is becoming more and more used, it will become a target for the attackers. That doesn't excuse poor programming, though...
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Exactly! Have a look here for more! It makes me think again that these vendors MS, Adobe etc have no corporate memory for past errors and just keep forging on into not so new experiences:rolleyes:

    http://www.h-online.com/security/news/item/Microsoft-and-Adobe-close-almost-40-holes-1779941.html


    40 holes? Maybe 2 would be acceptable.

    Let's move "up" to W8!!!:D
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    This would not be the first instance that Foxit has been exploited due to weak code.
     
  6. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Exactly! As an App becomes more and more Popular,
    associated Safety/Security should be Enhanced; not Reduced!
     
  7. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    As bad of a rap as Adobe gets, I prefer to stay with the "big names" for these types of programs. Sure, Adobe will get hit more, but it'll also get more attention than a smaller, lesser known vendor will. Usually that means faster patches and, sometimes, a push for stronger protections.

    @PJC: You're right, it should, if it's possible. Sometimes though, without a major overhaul or redesign, it just isn't (Firefox would be a good example).
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Another good reason not to install a reader's plugin. I just download the pdf then open with the program.
     
  9. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I use Sumatra PDF (it is neat...without 'Bells & Whistles'...)

    For most users, 99% of working with PDF files includes just Reading and Nothing more.
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses


    AGREE!!!!! 101% :thumb: :thumb: :thumb:
     
  11. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    That depends on your security setup, I think. For instance, I'm using ZeroVulnerability's ExploitShield. If I didn't use a PDF plugin, then I'd be at the mercy of whatever security that plugin/PDF program had. ExploitShield doesn't cover PDF programs themselves, only browsers and their plugins. So, by using that plugin, I've got backup security plus an extra feature from ExploitShield I wouldn't have otherwise. In fact, ExploitShield covers Foxit, so this vulnerability would not likely work if you used Foxit within the browser, but might if you simply opened it up with the program.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    The simplest way to work around is not to display PDFs in browsers.
    Instead, download them to your desired app and open there.

    And let's not forget EMET.

    Mrk
     
  13. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    It's a matter of preference, really. It also, as I said earlier, depends on what you have behind the scenes watching over you. As for EMET, it provides little protection that isn't already very able to be bypassed. Using the plugin for my reader is more a matter of convenience than anything else. If in Chrome, I don't even worry about it. Any other browser is backed up by ExploitShield, BitDefender and MBAM, all of whom will more than likely detect any shenanigans before the PDF ever opens. Whether we open files in or out of the browser, as long as we avoid the nastiness we're golden :thumb:
     
    Last edited: Jan 11, 2013
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Indeed -- almost 4 years ago!

    If plug-ins are disabled globally, then if a user encounters a web exploit for a PDF Reader, the browser will force a dialog box asking for a decision. If the user isn't looking for a specific PDF file, she/he would just Cancel the dialog box knowing that something was not right, and the exploit would fail, based on the user's sound policies and procedures:

    opera_pdf-dialog.jpg

    Users, especially in business, like the plug-in to automatically open the PDF in the browser. But download speeds today are so fast that it's just a few seconds and a couple of clicks to Save, then Open the PDF. I tested downloading an 11MB PDF file, 208 pages. It took less than 10 seconds:

    opera_pdf-download.jpg

    With plug-ins disabled globally, these exploit kit attacks against these plug-ins that are proliferating all over the internet are stopped at the gate.


    ----
    rich
     
  15. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Again, it's preference. Downloads may be fast, but that's not a good enough reason for some if they don't want to download it real fast, go to their download folder, open the file and wait for their program to load it. You're right that there are safer ways to deal with issues, but for those who don't want to set up and deal with policies and procedures (The word policies alone immediately makes me think "Christ, how long is this going to take and how is it going to affect me?") there are still options.
     
    Last edited: Jan 11, 2013
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Mman79, I can't disagree with any of what you write above! Many people don't want to be inconvenienced!

    Put yourself in the place of this company's security manager, as quoted from an article cited in another thread:

    Security Manager's Journal: New ransomware attack hurts trustworthiness of Web
    http://www.computerworld.com/s/arti...ck_hurts_trustworthiness_of_Web?taxonomyId=85
    Many of the ransomware exploits have been traced to those targeting PDF and Java plug-ins. This is common in analyses of ransomware attacks:

    Ransomware Debuts New Java Exploit,
    2012-07-10
    http://blog.soleranetworks.com/2012...oit-sends-victims-running-for-moneypak-cards/
    Should a company security manager ensure that plug-ins are disabled on users' workstations to prevent this type of exploitation, knowing that many users will complain about the lack of convenience?

    One compromise is that in some browsers, you get this notification (Opera, here) and the plug-in can be enabled for that site where the user needs to view a PDF file:

    opera_plugin-disabled.jpg

    (I'm curious about the options that you refer to, if you can elaborate)

    The security manager continues from the first article:

    But there are other ways besides infected web advertisements of redirecting unsuspecting users to booby-trapped web sites. So, he's taken care of "this particular nuisance" but hasn't really addressed the main problem.

    So, what are your suggestions?

    ----
    rich
     
    Last edited: Jan 11, 2013
  17. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Well, in a corporate environment the game changes. Users are just going to have to go by what the, hopefully, competent IT staff think is best. In that environment, things should be locked down tighter. At home, well, in my case I use both Chrome and IE 10, which are a pretty good start in basic security. For both of them, ad blocking is in place to take care of both annoying and possibly malicious ads. After that I have http://www.zerovulnerabilitylabs.com/home/exploitshield/ in place alongside MBAM Pro (website blocking enabled) and BitDefender, which is both good at detection and also has an HTTP scanner in place, which I consider essential these days.

    All of this is nowhere near the advanced setups one can see here. But you really don't need advanced and "noisy" setups to protect yourself. There's really not much out there that is scary beyond ransomware and the "Flames" of the world. If that company you cited would have had a decent ad blocker in place, they likely would have never dealt with that issue. Security is made way more complicated of an issue than it really needs to be, in my opinion. You can stay safe without ever touching group policies and denying access to such and such areas, you really can. Some people, like myself, can't use them because of OS restrictions (I don't have Windows 7 Ultimate, only Home Premium), and I wouldn't want to anyway. If I can't trust the tools I use to keep me reasonably safe, after choosing them based on my computing use and requirements and having done research through Wilders and elsewhere, then I might as well not even bother connecting to the Internet. You've got to put faith in something at some point.
     
  18. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    261
    Location:
    USA
    I use it too, ever since Foxit started to get bloated. It's a great basic PDF reader and has always been rock solid for me.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Maybe not the most convenient, but this is the best approach. Mrk explains it better than I did :)
     
  20. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Sumatra PDF is what most users need! :thumb:
     
  21. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    I stopped using browser plugins of common PDF readers to open/read PDFs a long time ago.

    Nowadays I just install an extension that allows me to open/read PDFs (and others) on Google Docs (or an equivalent trustworthy service) automatically.

    For Opera: https://addons.opera.com/en/extensions/details/gpdf/

    When I want to open/read them outside the browser, I use Sumatra PDF.

    No security issues with this approach in years.
     
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    BTW, Sumatra released its 2.2.1 version.
     
  23. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Updated, thanks. ;)
     
  24. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,428
    Sumatra is a great PDF reader, but it's security through obscurity, which time has proven doesn't work.
     
  25. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You are welcome! :thumb:
     