April 2, 2010, 10:17AM

Foxit Fixes PDF Executable Problem

Follow @DennisF

Foxit on Friday released an update to fix the problem with PDF readers running executables without users' permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.

The Foxit security update fixes a problem in the reader in which an attacker can abuse the way that the application handles embedded executables. The technique allows the attacker to force the Foxit Reader to execute embedded files without the getting permission from the user. The problem is caused by a feature in the PDF specification, and isn't a vulnerability in the software itself.

The Foxit update is included in Foxit Reader version 3.2.1.0401.

Comments

Submitted by Brad Arkin (not verified) on Mon, 04/05/2010 - 3:56pm.

Hey Dennis,

The /launch PoC that Didier Stevens put together triggers a warning dialog in Adobe Reader and Acrobat. The default choice on the dialog is to decline the launch request. The original behavior of FoxIt was to launch with no user interaction. The change that FoxIt introduced with their update last week was to bring the behavior in line with Adobe Reader -- displaying a user dialog box prior to launch. An important difference is the dialog defaults to 'open' for FoxIt as opposed to 'do not open' for Adobe Reader.

Brad

Submitted by Anonymous (not verified) on Tue, 04/06/2010 - 8:51pm.

Didier Stevens, the researcher who last week demonstrated a multi-stage attack using the /Launch function, said that his proof-of-concept code — which he has not released to the public — still works when pitted against the updated Foxit Reader.


LinkedIn	Twitter	Tumblr	Facebook

EN US Navigation Bar

Foxit Fixes PDF Executable Problem

Recommended Reads

Comments

Today's Most Popular

Most Commented Stories

Newsletter Sign-up

Take Our Poll

Listen to Latest Podcasts

Follow Threatpost