Foxit Fixes PDF Executable Problem

Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.

Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.

The Foxit security update fixes a problem in the reader in which an attacker can abuse the way that the application handles embedded executables. The technique allows the attacker to force the Foxit Reader to execute embedded files without the getting permission from the user. The problem is caused by a feature in the PDF specification, and isn’t a vulnerability in the software itself.

The Foxit update is included in Foxit Reader version 3.2.1.0401.

Suggested articles

45 Million Medical Images Left Exposed Online

45 Million Medical Images Left Exposed Online

A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.