
March 9th, 2009 07:00

Updates - March 9, 2009

Please refer to Calendar of Updates.

The Calendar of Updates is devoted to bringing you the latest information about new and upcoming updates for almost every security software.

If anyone would like to discuss a particular update, please reply in this topic.


March 9th, 2009 07:00

Note: Be sure to read the important DISCLAIMER included below!

The following has been copied/pasted from http://secunia.com/advisories/34036/2/

Foxit Reader (*)

Description:
Some [highly critical] vulnerabilities have been reported in Foxit Reader(*), which can be exploited by malicious people to compromise a user's system.

1) An error exists when processing JBIG2 symbol dictionary segments. This can be exploited to dereference uninitialised memory via a specially crafted PDF file.

This vulnerability is confirmed in version 3.0.2009.1301 and reported in versions 2.3 and 3.0.

2) A boundary error exists in the processing of actions defined in PDF files. This can be exploited to cause a stack-based buffer overflow when an action having an overly long filename argument is triggered.

This vulnerability is reported in version 3.0.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

NOTE: Additionally, actions defined in PDF files were executed without asking for confirmation when a trigger condition was satisfied.

Solution:
Update to version 3.0 Build 1506 or version 2.3 Build 3902.

-----------------

(*) DISCLAIMER: Foxit Reader is a [limited] alternative to Adobe Reader --- both can be used to open/read .pdf files. It has the advantage of being a much smaller download. However, Foxit 3.x recently decided to include installation of the ASK toolbar, a non-essential "piggyback" which many consider adware (or spyware). Moreover, despite the appearance of this being an optional add-on, it turns out that upon UNchecking its "optional" inclusion, the Foxit program will no longer install! As such, some forum members here that used to advocate Foxit Reader in place of Adobe's no longer do so. For more details, see BugBatter's post at the bottom of the page here: http://en.community.dell.com/forums/t/19259464.aspx?PageIndex=1 and Joe53's multiple comments on the following page: http://en.community.dell.com/forums/t/19259464.aspx?PageIndex=2

For those who already have Foxit installed on their system, and who choose to keep it... and want it to be secure... there may be no alternative to accepting this update.


March 9th, 2009 13:00

Actually, you can still get the Foxit Reader without any trace of the toolbar or ebay link, if you download the .msi version from here:

http://www.foxitsoftware.com/pdf/reader/down_reader.htm

I did so last week, and can attest that it is a straightforward install, free of any reference to the Foxit Toolbar. As far as I can tell, this is not a crippled version (at least not for my simple needs).

You can update from within the program to the latest version via Help > Check for Updates > highlight Reader Update in the left section (under available updates) > Add button > Install button. This too did not install the toolbar (which is listed separately) when I updated today.

I still think Foxit is pretty sleazy - they know most users will opt to download the .exe version, which does contain the toolbar. But at least the Reader I now have works as well as the versions before they stooped to adding the toolbar.

 
