Foxit fixed a vulnerability in its PDF reader product yesterday, eight days after it was discovered that an attacker could have leveraged to insert malicious code into documents.
Version 5.4.5 of Reader addresses a boundary error in the program’s Web browser plugin, “npFoxitReaderPlugin.dl.” If left unpatched the vulnerability could have caused a stack-based buffer overflow when parsing an overly long file name and allowed an attacker to run arbitrary code. Vulnerability firm Secunia classified the flaw as highly critical at the time, warning it affected all versions of Foxit.
The company initially fixed the issue last Friday when it released a patched version of the plugin, 220.127.116.11 for Firefox.
Users of Foxit can manually update to the latest version of the software, 5.4.5, which includes the updated Firefox plugin, by checking for updates in the program’s “Help” menu, or clicking through to the company’s “Downloads” section.