Three Security Vulnerabilities Fixed in Foxit Reader 3.0
FREMONT, CA, March 11, 2009 /24-7PressRelease/ -- Today, Foxit is proud to announce an updated version of Foxit Reader V3.0 Build 1506. Foxit has fixed the three major vulnerabilities listed below, which would cause the application to crash and could potentially allow an attacker to take control of the affected system. Foxit took these issues seriously and our Technical Team resolved the relevant security issues efficiently within a couple of days, and now Foxit Reader 3.0 is even more stable than before.
Foxit also confirms that the earlier version, Foxit Reader 2.3, is vulnerable to the security authorization bypass issue and the JBIG2 symbol dictionary processing issue, and both have been fixed at the same time. Today, Foxit also released the updated version of Foxit Reader V2.3 Build 3902. Those who keep using this old version can download the updated version from here now: http://mirrors.foxitsoftware.com/pub/foxit/reader/desktop/win/2.x/2.3 ... _Setup.exe
The ask.com toolbar that Foxit is bundling is NOT the same version as the one reported on secunia.com, and doesn't have the reported vulnerability.
Click here: http://secunia.com/advisories/26960/ to check the related report on secunia.com.
Vulnerabilities Fixed:
1. Fixed the issue of stack-based buffer overflow.
o Foxit PDF files include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files with an overly long filename argument and the trigger condition is satisfied, it will cause a stack-based buffer overflow.
2. Fixed the issue of security authorization bypass.
o If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files and the trigger condition is satisfied, Foxit Reader will do the action defined by the creator of the PDF file without popping up a dialog box to confirm.
3. Fixed the issue of JBIG2 Symbol Dictionary Processing.
o While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialised if the number of new symbols is zero. The array is later accessed and values from uninitialised memory are used as pointers when reading memory and performing calls.
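The uninitialised-table pattern from item 3, next to a hardened form, as an added example that is not Foxit's code. It is a simplified model that ignores symbols imported from other dictionaries; the `symbol` type and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

typedef struct { uint32_t width, height; } symbol;  /* stand-in for a decoded glyph */

/* Constructed sample data: two already-decoded "new" symbols. */
static symbol sample_syms[2] = { {10, 12}, {7, 9} };

/* Pattern from the bulletin: the table is sized by the exported count but is
   written only in the loop over new symbols. With num_new == 0 every slot
   keeps whatever bytes malloc() handed back. Shown for contrast, never called. */
symbol **build_exports_unsafe(uint32_t num_exported, symbol *new_syms, uint32_t num_new)
{
    symbol **table = malloc((size_t)num_exported * sizeof *table);
    if (!table) return NULL;
    for (uint32_t i = 0; i < num_new && i < num_exported; i++)
        table[i] = &new_syms[i];
    return table;                        /* slots >= num_new are uninitialised */
}

/* Hardened form. Assumption of this model: symbols can only come from
   new_syms, so a header exporting more than num_new is inconsistent. */
symbol **build_exports_safe(uint32_t num_exported, symbol *new_syms, uint32_t num_new)
{
    if (num_exported == 0 || num_exported > num_new || !new_syms)
        return NULL;                     /* nothing valid to export: refuse */
    symbol **table = calloc(num_exported, sizeof *table);  /* zeroed, overflow-checked */
    if (!table) return NULL;
    for (uint32_t i = 0; i < num_exported; i++)
        table[i] = &new_syms[i];
    return table;
}

/* Consumer-side check: a slot is used only if it is in range and was filled.
   Returns the symbol width, or -1 if the slot must not be dereferenced. */
int64_t symbol_width(symbol **table, uint32_t num_exported, uint32_t idx)
{
    if (!table || idx >= num_exported || !table[idx])
        return -1;
    return (int64_t)table[idx]->width;
}

int main(void)
{
    symbol **t = build_exports_safe(2, sample_syms, 2);
    int ok = symbol_width(t, 2, 1) == 7 && build_exports_safe(4, sample_syms, 0) == NULL;
    free(t);
    return ok ? 0 : 1;
}
```

Zero-initialising the table turns a missed write into a NULL that the consumer can detect, while the header check rejects the zero-new-symbols case before any allocation happens.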
Click here to learn more about Foxit security bulletins: http://www.foxitsoftware.com/pdf/reader/security.htm
Download
Click here to download the latest Foxit Reader 3.0 now! URL: http://mirrors.foxitsoftware.com/pub/foxit/reader/desktop/win/3.x/3.0 ... _Setup.exe
About Foxit Software Company
Founded in 1996, Foxit Software Company was initially a network application company. Foxit has devised many popular products, such as Koala Terminal, Secured Koala Terminal, and Windows Access Server. Starting in 2000, Foxit Software has been focusing on the electronic publishing and documenting field. Implementation of PDF Core technology became the primary development task. Today, the Foxit PDF product line covers many types of PDF applications. For more information, please visit www.foxitsoftware.com.