Foxit Fixes PDF Executable Problem

Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.

The Foxit security update fixes a problem in which an attacker can abuse the way the application handles embedded executables. The technique allows the attacker to force Foxit Reader to execute embedded files without getting permission from the user. The problem is caused by a feature in the PDF specification, and isn’t a vulnerability in the software itself.

The Foxit update is included in Foxit Reader version 3.2.1.0401.
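
A triage check for the feature at issue, the PDF /Launch action named in the discussion below; this is an added example, not code from Foxit, Adobe or Didier Stevens. It goes slightly beyond the article by also decoding `#xx` name escapes and scanning Flate-compressed streams, and the function names and sample bytes are constructed for illustration.

```python
import re
import zlib

# A PDF name is "/" followed by regular characters; "#xx" is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes, so /L#61unch compares equal to /Launch."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_bytes(data: bytes, where: str) -> list:
    """Return one finding per name token that decodes to /Launch."""
    findings = []
    for m in NAME_RE.finditer(data):
        if decode_name(m.group(1)) == b"Launch":
            findings.append({"where": where, "offset": m.start(),
                             "obfuscated": m.group(1) != b"Launch"})
    return findings


def find_launch_actions(pdf: bytes) -> list:
    """Scan the raw file, then every stream that inflates as zlib data."""
    findings = scan_bytes(pdf, "file body")
    for i, m in enumerate(STREAM_RE.finditer(pdf)):
        try:
            # decompressobj ignores the end-of-line bytes left after the data
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; other filters are out of scope here
        findings += scan_bytes(inflated, f"stream {i}")
    return findings


# Constructed sample: fragments of PDF objects, not a complete document.
INNER = b"4 0 obj << /S /Launch /F (placeholder.bin) >> endobj"
SAMPLE = (
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /L#61unch /F (placeholder.bin) >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(INNER) + b"\nendstream endobj\n"
)

if __name__ == "__main__":
    for finding in find_launch_actions(SAMPLE):
        print(finding)
```

A hit means only that the document asks the reader to launch something; whether the user is prompted, and what the prompt defaults to, depends on the reader and its version.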

Discussion

  • Brad Arkin on

    Hey Dennis,

    The /launch PoC that Didier Stevens put together triggers a warning dialog in Adobe Reader and Acrobat.  The default choice on the dialog is to decline the launch request.  The original behavior of FoxIt was to launch with no user interaction.  The change that FoxIt introduced with their update last week was to bring the behavior in line with Adobe Reader -- displaying a user dialog box prior to launch.  An important difference is the dialog defaults to 'open' for FoxIt as opposed to 'do not open' for Adobe Reader.

    Brad

  • Anonymous on

    Didier Stevens, the researcher who last week demonstrated a multi-stage attack using the /Launch function, said that his proof-of-concept code — which he has not released to the public — still works when pitted against the updated Foxit Reader.
