A recently discovered critical vulnerability allowing arbitrary remote code execution in a browser plug-in component of PDF viewer application Foxit Reader has been patched, according to the vendor. The vulnerability was publicly disclosed on January 7 by independent security researcher Andrea Micalizzi, according to IDG News Service. Foxit announced January 17 that it had issued a patch.
“Foxit Reader 5.4.5 fixed a security issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code,” the company wrote in an advisory on its website. “The vulnerability is caused by a boundary error in the Foxit Reader plugin for web browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via an overly long file name in the URL.”
The vulnerable plug-in is automatically installed for Mozilla Firefox, Google Chrome and Safari web browsers, IDG News Services noted. Users can download the patch from the Reader menu or the Foxit website.
According to IDG, Foxit is often seen by security professionals as a more secure alternative to Adobe Reader and that the company advertises itself as “the most secure PDF reader” on its website. The vendor claims to have more than 130 million users.
While PDF exploits have become less common than they once were, they are still present in many web exploit toolkits, and hackers continue to use them on outdated versions of Adobe Reader, IDG reported. Attacks on Reader made up 28 percent of security incidents involving vulnerability exploits in 2012, according to researchers at Kaspersky Lab.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.