Calendar Of Updates: Foxit Reader Multiple Vulnerabilities - Calendar Of Updates


Foxit Reader Multiple Vulnerabilities

Donna

Posted 09 March 2009 - 05:07 PM

Affected Software:
Foxit Reader 2.x
Foxit Reader 3.x

Some vulnerabilities have been reported in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

1) An error exists when processing JBIG2 symbol dictionary segments. This can be exploited to dereference uninitialised memory via a specially crafted PDF file.
This vulnerability is confirmed in version 3.0.2009.1301 and reported in versions 2.3 and 3.0.

2) A boundary error exists in the processing of actions defined in PDF files. This can be exploited to cause a stack-based buffer overflow when an action having an overly long filename argument is triggered.
This vulnerability is reported in version 3.0.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

NOTE: Additionally, actions defined in PDF files were executed without asking for confirmation when a trigger condition was satisfied.

Solution: Program update is available. Check the program using the program's updater.

http://secunia.com/advisories/34036/
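A defender-side triage of the file features the advisory names, as an added example that is not part of the original post or of the Secunia advisory: it counts JBIG2-filtered streams, lists automatic triggers, and flags action objects whose file specification is unusually long. The action types (taken from the PDF specification, since the advisory does not name one), the 260-byte threshold, the function name `triage_pdf` and the sample bytes are assumptions.

```python
import re

# Assumptions (not from the advisory): action types that carry an /F file
# specification per the PDF specification, and a triage threshold in bytes.
FILE_ACTIONS = rb"Launch|GoToR|GoToE|ImportData|SubmitForm"
MAX_FILESPEC_LEN = 260

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
ACTION_RE = re.compile(rb"/S\s*/(" + FILE_ACTIONS + rb")\b")
# /F (literal string) or /F <hex string>; nested parentheses are not handled.
FILESPEC_RE = re.compile(rb"/F\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
TRIGGER_RE = re.compile(rb"/(OpenAction|AA)\b")
JBIG2_RE = re.compile(rb"/JBIG2Decode\b")


def triage_pdf(data: bytes) -> dict:
    """Heuristic scan of raw PDF bytes.

    Objects packed in compressed object streams and names written with
    #xx escapes are not seen, so a clean result is not proof of safety.
    """
    report = {
        "jbig2_filters": len(JBIG2_RE.findall(data)),
        "auto_triggers": sorted({t.decode() for t in TRIGGER_RE.findall(data)}),
        "long_filespecs": [],
    }
    for obj in OBJ_RE.finditer(data):
        body = obj.group(1)
        action = ACTION_RE.search(body)
        if action is None:
            continue
        for literal, hexstr in FILESPEC_RE.findall(body):
            size = len(literal) if literal else len(re.sub(rb"\s", b"", hexstr)) // 2
            if size > MAX_FILESPEC_LEN:
                report["long_filespecs"].append((action.group(1).decode(), size))
    return report


# Constructed sample (not a real or complete PDF), used only to exercise the scan.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj<</Type/Catalog/Pages 2 0 R/OpenAction 4 0 R>>endobj\n"
    b"3 0 obj<</Length 0/Filter/JBIG2Decode>>stream\n\nendstream endobj\n"
    b"4 0 obj<</S/Launch/F(" + b"A" * 300 + b")>>endobj\n"
    b"5 0 obj<</S/GoToR/F(notes.pdf)/D[0/Fit]>>endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A hit is a reason to open the file only in a patched reader or a sandbox, not a verdict; JBIG2 streams and open actions also appear in ordinary documents.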

glenn30

Posted 09 March 2009 - 08:01 PM

Donna, on Mar 9 2009, 12:07 PM, said:

Affected Software:
Foxit Reader 2.x
Foxit Reader 3.x

Some vulnerabilities have been reported in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

1) An error exists when processing JBIG2 symbol dictionary segments. This can be exploited to dereference uninitialised memory via a specially crafted PDF file.
This vulnerability is confirmed in version 3.0.2009.1301 and reported in versions 2.3 and 3.0.

2) A boundary error exists in the processing of actions defined in PDF files. This can be exploited to cause a stack-based buffer overflow when an action having an overly long filename argument is triggered.
This vulnerability is reported in version 3.0.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

NOTE: Additionally, actions defined in PDF files were executed without asking for confirmation when a trigger condition was satisfied.

Solution: Program update is available. Check the program using the program's updater.

http://secunia.com/advisories/34036/


I am confused... not sure I like what I see. Downloaded the fix and upon starting the installer indicates the update contains the Foxit Toolbar. NO TOOLBARS WANTED! There is no option to decline... what can I do?

In the meantime I have removed Foxit Reader. Secunia PSI gives Foxit an insecure rating without the update. Is there another safe reader? :confused:

This post has been edited by glenn30: 09 March 2009 - 08:03 PM


roddy32

Posted 09 March 2009 - 08:47 PM

I updated via the program updater earlier today before I posted the update here Glenn which shows available updates on the left side and you move the update to the right side and just leave the toolbar on the left side and click install. You never see the toolbar that way but if you uninstalled the program, it is too late to do it that way. I don't know if there is another reliable reader or not. I went to Foxit a long time ago.

joe53

Posted 09 March 2009 - 08:58 PM

Actually, you can still get the Foxit Reader without any trace of the toolbar or ebay link, if you download the .msi version from here:

http://www.foxitsoft...down_reader.htm

I did so last week, and can attest that it is a straightforward install, free of any reference to the Foxit Toolbar. As far as I can tell, this is not a crippled version (at least not for my simple needs).

You can update from within the program to the latest version via Help>Check for Updates> hilite Reader Update in the left section (under available updates)>Add button>Install button. This too did not install the toolbar (which is listed separately) when I updated today.

I still think Foxit is pretty sleazy- they know most users will opt to download the .exe version, which does contain the toolbar. But at least the Reader I now have works as well as the versions before they stooped to adding the toolbar.

glenn30

Posted 09 March 2009 - 09:01 PM

roddy32, on Mar 9 2009, 03:47 PM, said:

I updated via the program updater earlier today before I posted the update here Glenn which shows available updates on the left side and you move the update to the right side and just leave the toolbar on the left side and click install. You never see the toolbar that way but if you uninstalled the program, it is too late to do it that way. I don't know if there is another reliable reader or not. I went to Foxit a long time ago.


Thanks! I think you solved the problem. I installed the older build again... then updated through program by choosing only the updated patch. Seems to have worked and Secunia PSI no longer complains. Now showing Foxit Version 3.0 Build 1506. :dancing: :happy:

This post has been edited by glenn30: 09 March 2009 - 09:01 PM


roddy32

Posted 09 March 2009 - 09:07 PM

glenn30, on Mar 9 2009, 04:01 PM, said:

roddy32, on Mar 9 2009, 03:47 PM, said:

I updated via the program updater earlier today before I posted the update here Glenn which shows available updates on the left side and you move the update to the right side and just leave the toolbar on the left side and click install. You never see the toolbar that way but if you uninstalled the program, it is too late to do it that way. I don't know if there is another reliable reader or not. I went to Foxit a long time ago.


Thanks! I think you solved the problem. I installed the older build again... then updated through program by choosing only the updated patch. Seems to have worked and Secunia PSI no longer complains. Now showing Foxit Version 3.0 Build 1506. :dancing: :happy:


Great Glenn :)
