A vulnerability exists in the latest build of Foxit Reader, a PDF reader produced by the Foxit Corp., that could allow an attacker to inject malicious code into documents.
Details of the exploit were disclosed on Monday by Andrea Micalizzi, an independent security researcher based in Italy.
Essentially, to exploit Foxit, an attacker must get a user to open a PDF document on the web via an especially long URL. Secunia, the Danish vulnerability firm, warns that a boundary error in the reader’s browser plugin (npFoxItReaderPlugin.dll) can’t handle excessively long URLs and in turn, triggers a stack-based buffer overflow. Since the vulnerability can lead to system compromise, Secunia has classified the vulnerability as highly critical.
Micalizzi writes that the most recent version of Foxit, 5.4.4.1128 and the latest version of the plugin, 2.2.1.530 are directly affected by the vulnerability while Secunia notes other versions may also be affected.
Foxit can be installed on Mozilla Firefox, Google Chrome, Opera and Safari and since there currently is no patch for the vulnerability, the best way to protect against it may be to just disable the software in any browsers where the reader is installed.
Foxit, much like their contemporaries at Adobe, have tried to stay ahead of the curve when it comes to new threats that target PDF documents. A few years ago, in the midst of a flurry of PDF-based attacks, Foxit added a Safe Mode to their product that blocked external commands from being executed by the software. The reader also began warning users before the software would run executable commands embedded in PDF documents.
