Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.
The Foxit security update fixes a problem in the reader in which an attacker can abuse the way that the application handles embedded executables. The technique allows the attacker to force the Foxit Reader to execute embedded files without the getting permission from the user. The problem is caused by a feature in the PDF specification, and isn’t a vulnerability in the software itself.
The Foxit update is included in Foxit Reader version 3.2.1.0401.
