August 22, 2017
Zero Day Vulnerabilities (CVE-2017-10951; CVE-2017-10952) with Foxit Reader and PhantomPDF
5. How to check and re-enable “Safe Reading Mode” in PhantomPDF and Reader
For end user of PhantomPDF or Reader, please go to Preference > Trust Manager
For users who want to configure thru Window's Registry
For IT or system admin who want to batch configure, please use GPO template http://cdn01.foxitsoftware.com/pub/foxit/manual/reader/en_us/FoxitEnterpriseDeploymentAndConfiguration_831.pdf
March 15, 2017
Foxit Reader is a fast, affordable, and secure way to view PDF files. Over 425 million users have already made the switch to Foxit Reader. If you are not already using Foxit to manage all your PDFs, we encourage you to upgrade today. The latest version of Foxit Reader is available on our website: https://www.foxitsoftware.com/pdf-reader/.
At the core of Foxit Reader is a secure processing engine that is also powering platforms such as Google Chrome, Google Gmail, and Amazon Kindle. Billions of people confidently exchange sensitive over these platforms.
Even in the face of continual threats from hackers and other threats, Foxit Reader is secure enough to withstand any cybersecurity attack. It is important, therefore, that you use authentic Foxit software.
Recently some of our customers alerted us about Foxit Reader being listed in Vault 7: CIA hacking tools revealed. They stated the following two new DLL hijack issues with Foxit Reader:
#1 - Foxit Reader attempts to auto update itself, looking for a DLL named “UpdateLOC.dll” from its plugins folder (\Foxit Reader\plugins).
We confirm that there’s no “UpdateLOC.dll” under its plugins folder (\Foxit Reader\plugins), so there’s no such hijack issue in Foxit Reader.
#2 - Foxit attempts to load the system DLL “msimg32.dll” adjacent to itself first (\app\Foxit Reader\) before loading it in the proper location.
We don’t attempt to load the system DLL “msimg32.dll” adjacent to itself first (\app\Foxit Reader\) as we call GetSystemDirectory() directly to get the real msimg32.dll. Foxit use a fully qualified path name when loading “msimg32.dll”, so there’s no such hijack issue in Foxit Reader.
More information about guidance for developers on how to load libraries securely can be found at https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/. “While there are several affected situations, described in detail in the above MSDN article, our general recommendations are: Where possible, use a fully qualified path name when loading a library; ….”
Please don’t hesitate to contact us if you have any questions: email@example.com.
May 22, 2016
Foxit© Reader is a fast, secure and inexpensive way to view PDF files. Over 400 million people have already made the switch to Foxit Reader. If you are not already using Foxit to manage all your PDFs, we encourage you to upgrade today. The latest version of Foxit Reader is available on our website: https://www.foxitsoftware.com/pdf-reader/.
At the core of Foxit Reader is a secure processing engine that is also powering platforms such as Google Chrome, Google Gmail and Amazon Kindle. Billions of people exchange sensitive over these platforms and do so confidently.
Even in the face of continual threats from hackers and other criminals, Foxit Reader is secure enough to withstand any cybersecurity attack. It is important, therefore, that you use authentic Foxit Software.
Some of our customers find it more convenient to download Foxit Reader from one of our partner sites. No matter where you are downloading our software from, be sure to confirm that Foxit Software Incorporated is identified as the verified publisher when the User Account Control popup window appears (see figure 1 below). The Foxit logo should also be included in the window.
Figure 1: User Account Control popup window confirming authenticity of Foxit Reader software download
If you have previously downloaded Foxit Reader and are unsure about the authenticity of your reader, follow these steps:
- Double click on the install directory and locate the FoxitReader.exe file
- Right click on the .exe file and select Properties
- In the FoxitReader Properties Window, choose the Digital Signatures tab and check that the file is signed by Foxit Software Incorporated (see figure 2 below).
Figure 2: Digital Signature Details popup window confirming authenticity of Foxit Reader software installation
Don't risk of exposing yourself to security risks—use only genuine Foxit Software.
Please don't hesitate to contact us if you have any questions: firstname.lastname@example.org.
March 15, 2011
Support Note: Secunia Advisory SA43776
specially crafted PDF file. This function could be taken advantage of maliciously and compromise the security of your computer.
To protect against harm, Foxit Reader users need to update their Reader to the latest version and then enable Safe Reading Mode. The most up-to-date Foxit Reader can be installed by choosing the Help->Check for Updates Now. When the pop-up box appears, click on the Preferences box on the bottom and then enable the automatically
check for Foxit updates function. Enabling Safe Reading Mode can be accomplished by choosing Tools->Preference->Trust Manager and then by clicking the option of Enable Safe Reading Mode. This can also be done during initial installation of the Foxit Reader. Safe Reading Mode enables users to control unauthorized actions and data
if you have any questions regarding this advisory, or any other questions, please contact Foxit by phone (+1-866-MYFOXIT or +1-866-693-6948) or enter a trouble ticket via our Support Portal.