Three Security Vulnerabilities Fixed in Foxit Reader 3.0

Fremont, Calif. – Mar. 9, 2009 – Today, Foxit is proud to announce an updated version of Foxit Reader, V3.0 Build 1506. Foxit has fixed the three major vulnerabilities listed below, which would cause the application to crash and could potentially allow an attacker to take control of the affected system. Foxit took these issues seriously, and our Technical Team resolved the relevant security issues efficiently within a couple of days. Foxit Reader 3.0 is now even more stable than before.

Foxit also confirms that the earlier version, Foxit Reader 2.3, is vulnerable to the security authorization bypass issue and the JBIG2 symbol dictionary processing issue, and that both have been fixed at the same time. Today, Foxit also released the updated version of Foxit Reader, V2.3 Build 3902, so those who keep using this old version can download the updated version from here now.

The ask.com toolbar that Foxit is bundling is NOT the same version as the one reported on secunia.com, and doesn’t have the reported vulnerability.
Click here to check the related report on secunia.com.

Vulnerabilities Fixed:
  • Fixed the issue of stack-based buffer overflow.
      ° Foxit PDF files include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files with an overly long filename argument and the trigger condition is satisfied, it will cause a stack-based buffer overflow.

  • Fixed the issue of security authorization bypass.
      ° If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files and the trigger condition is satisfied, Foxit Reader will do the action defined by the creator of the PDF file without popping up a dialog box to confirm.

  • Fixed the issue of JBIG2 Symbol Dictionary Processing.
      ° While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialised if the number of new symbols is zero. The array is later accessed and values from uninitialised memory are used as pointers when reading memory and performing calls.
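The defensive pattern for the JBIG2 symbol dictionary issue described above, as an added example that is not Foxit's code: the export table is zero-initialised, a header that exports more symbols than the segment supplies is rejected, and every later access is checked. The types and the functions `build_export_table` and `exported_width` are hypothetical, and the model is simplified to a dictionary that refers to no other dictionary.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified types for illustration; not Foxit's code. */
typedef struct { uint32_t width, height; } Symbol;
typedef struct { uint32_t count; Symbol **slots; } ExportTable;

/* Build the export table of a symbol dictionary that refers to no other
 * dictionary, so only this segment's new symbols can be exported.
 * num_exported comes from the untrusted segment header.
 * Returns 0 on success, -1 if the segment is rejected. */
int build_export_table(ExportTable *out, Symbol **new_syms,
                       uint32_t num_new, uint32_t num_exported)
{
    *out = (ExportTable){0, NULL};
    if (num_exported > num_new)
        return -1;   /* includes num_new == 0 with a non-zero export count */
    if (num_exported == 0)
        return 0;    /* nothing exported: empty table, no allocation */
    /* calloc rather than malloc: a slot that is never filled holds NULL,
     * not leftover heap data, and the size multiplication is checked. */
    Symbol **slots = calloc(num_exported, sizeof *slots);
    if (slots == NULL)
        return -1;
    for (uint32_t i = 0; i < num_exported; i++) {
        if (new_syms[i] == NULL) {   /* refuse a partly filled table */
            free(slots);
            return -1;
        }
        slots[i] = new_syms[i];
    }
    out->count = num_exported;
    out->slots = slots;
    return 0;
}

/* Later accesses check bounds and NULL before dereferencing a slot. */
int64_t exported_width(const ExportTable *t, uint32_t idx)
{
    if (t->slots == NULL || idx >= t->count || t->slots[idx] == NULL)
        return -1;
    return t->slots[idx]->width;
}

int main(void)
{
    ExportTable t;
    /* Constructed input: header claims 4 exported symbols, segment has none. */
    return build_export_table(&t, NULL, 0, 4) == -1 ? 0 : 1;
}
```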

Click here to learn more about Foxit security bulletins.

Download

Click here to download the latest Foxit Reader 3.0 now!


About Foxit Corporation

Founded in 2001, Foxit Corporation has been working in the electronic publishing and documenting field, focusing on the implementation of PDF Core technology. Today, Foxit has become an industry leader by offering its platform-independent core technology capable of supporting PDF and other standard e-documenting formats. Foxit's product line covers multiple types of PDF applications across various mobile platforms and desktop platforms. Foxit is also a pioneer in offering OnDemand CM, a service-based content management system built on a patent-pending technology. In addition to Foxit's online paperless document services, Foxit maintains its efforts to stay green with the development of its new eBook reader, "eSlick," a device that eliminates the need for textbooks and any other documents that would normally be printed onto paper. For Foxit, pursuing environmental excellence has always been the top priority. For more information, please visit www.foxitsoftware.com.