Adobe isn’t the only software vendor struggling to cope with security vulnerabilities in PDF reader applications. According to reports, there are numerous PDF applications — including Foxit Reader and Xpdf — that allow attackers to infect systems with malware.
When loading and unloading certain COM objects, for instance, the Foxit plug-in (npFoxitReaderPlugin.dll) for the Firefox web browser under Windows causes a memory leak that can potentially be exploited for injecting and executing code via specially crafted web pages.
The flaw was discovered in version 3.1.1.0928 and has also been confirmed to exist in the current version 3.1.2.1013 of Foxit Reader (with Firefox 3.5.3 ). A similar bug that affected the loading of objects was recently fixed in Adobe Reader. So far, no updates have been made available for Foxit Reader.
