Vulnerability in Foxit PDF Reader
Javier Vicente Vallejo has discovered vulnerabilities in Foxit Reader, an alternative PDF reader for Windows, that could enable attackers to smuggle in and execute harmful code. Users of the software need only open a manipulated PDF file to suffer damage.
According to Vallejo's vulnerability reports, Foxit Reader 2.2 malfunctions while parsing manipulated PDF files that contain a /Font folder in an /ExtGState structure. Vallejo says manipulated /XObject resources in a PDF file can also cause injected code to be executed if, for example, they are rotated using a /Rotate field in the PDF.
Foxit Software has not yet published an updated version to plug the security hole. For the time being, users of Foxit Reader 2.2 and older versions should therefore avoid PDF files from untrustworthy sources, or else switch over to Adobe Reader.
See also:
- Foxit Reader 2.2 vulnerability opening malformed pdf, vulnerability report by Javier Vicente Vallejo
- download of the current Foxit Reader
(trk)