Posted by: Ken Harthun
Buffer Overflow, Remote Code Execution, Security, Vulnerabilities
Since I discovered Foxit Reader in early 2006, I’ve been recommending it to everyone. There’s no question it’s a best-of-breed tool for speed and simplicity. But recently, Secunia issued a bulletin advising of a security vulnerability in the program. According to that bulletin, Foxit Reader version 2.3 build 2825 is vulnerable to a remote code execution buffer overflow. attack on your system. The problem will be fixed in the upcoming build 2912.
I’m still using version 1.3.x which, apparently, is not vulnerable. So, if you’re using an older version of Foxit, you should be OK; however, just as soon as build 2912 is available, I’m going to upgrade just to be on the safe side. You should, too.