The Register has some bad news about that PDF reader you prefer to Adobe's software: a new vulnerability which does not even stem from a booby-trapped document but from a long link name. It seems that the entire URL is copied into a fixed-size buffer when the user clicks on a PDF, so an overly long link causes a buffer overflow in Foxit which "pretty much lets you write to a memory location of your choice". 188.8.131.528 and older versions are vulnerable and we have yet to hear from the creators of Foxit. Looks like no PDF reader is safe at this point.
"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.
Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."
Well, I never bought the Foxit Kool-Aid on security. I use it for its lighter weight and snappy performance, though lately that too has become less “snappy”. I’ve just never used plugins for document viewing of any type.
Combine this with my recent unchecking of the “enable content in the browser” check-box, and my uninstall of Shockwave (not Flash), and Flash and Silverlight are my only plugin vulnerabilities. For the rest, I’m just going to rely on NoScript to keep myself less unsafe!
Well, I liked using a PDF reader called Sumatra.
Thanks for keeping aware about Foxit.
I ditched Foxit a long time ago for Nitro PDF.