Security bulletins

Prompt response to software defects and security vulnerabilities has always been, and will continue to be, a top priority for Foxit. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Please click here to report a potential security vulnerability.

 

Security updates available for Foxit Reader and Foxit PhantomPDF 7.3.4

 

Release date: March 16, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3.4, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.3.0.118 and earlier | Windows |
| Foxit PhantomPDF | 7.3.0.118 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where the application could still use the pointer after the object it pointed to had been removed, which could cause an application crash. | Mateusz Jurczyk, Google Project Zero |
| Fixed a security issue where the application could crash due to an error in parsing a malformed content stream. | Ke Liu of Tencent’s Xuanwu LAB |
| Fixed a security issue where the application recursively called the format error of some PDFs, which led to no response when opening the PDF. | Ke Liu of Tencent’s Xuanwu LAB |
| Fixed a security issue where the application could not parse the image content in the document normally. | Jaanus Kp, Clarified Security, working with Trend Micro's Zero Day Initiative (ZDI) |
| Fixed a security issue where the destructor of the object whose generation number is -1 in the PDF file could release the file handle which had been imported by the application layer. | Mario Gomes (@NetFuzzer), working with Trend Micro's Zero Day Initiative (ZDI) |
| Fixed a security issue where the application could crash due to an error in decoding corrupted images during PDF conversion with the gflags app enabled. | AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |
| Fixed a security issue where XFA’s underlying data failed to synchronize with that of PhantomPDF/Reader due to the underlying XFA re-layout. | kdot, working with Trend Micro's Zero Day Initiative (ZDI) |
| Fixed a security issue where the application could call JavaScript to perform Save As or Print when closing the document. | AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |
| Fixed a security issue where the TimeOut function responded incorrectly and could cause the application to crash. | AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader and Foxit PhantomPDF 7.3

 

Release date: Jan. 20, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.2.8.1124 and earlier | Windows |
| Foxit PhantomPDF | 7.2.2.929 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where the application could be exposed to the Font Parsing Use-After-Free Remote Code Execution Vulnerability. | Mario Gomes (@NetFuzzer), working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to the Global setPersistent Use-After-Free Remote Code Execution Vulnerability. | AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to the WillClose Action Use-After-Free Remote Code Execution Vulnerability. | AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to a remote code execution vulnerability when opening certain PDF files with images. | Rocco Calvi, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to the XFA FormCalc Replace Integer Overflow Vulnerability. | HPE Zero Day Initiative, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to a Remote Code Execution Vulnerability due to a JBIG2 Out-of-Bounds Read. | kdot, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly when parsing certain PDF files that contain malformed images. | Francis Provencher, COSIG |
| Fixed a security issue where the application could crash unexpectedly when converting certain images with incorrect image data. | kdot, working with HP's Zero Day Initiative |
| Fixed the Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability. | Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to a DLL hijacking vulnerability when trying to load xpsp2res.dll or phoneinfo.dll. | Ke Liu of Tencent’s Xuanwu LAB |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader and Foxit PhantomPDF 7.2.2

 

Release date: October 8, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2.2, which fixed some security issues where the application could be exposed to some vulnerabilities or crash unexpectedly.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.2.0.722 and earlier | Windows |
| Foxit PhantomPDF | 7.2.0.722 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where an attacker could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code. | Zhipeng Huo of Tencent's Xuanwu Lab |
| Fixed a security issue where the application could crash unexpectedly when opening certain secured PDF files. | kdot, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains incorrect GIF data while being debugged by GFlags.exe. | Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains an incorrect inline image while being debugged by GFlags.exe. | Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms. | Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly when printing certain PDF files. | AbdulAziz Hariri, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly when saving certain PDF files. | AbdulAziz Hariri, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to the Foxit Cloud Update Service Local Privilege Escalation Vulnerability. | AbdulAziz Hariri and Jasiel Spelman, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could be exposed to a Use-After-Free Vulnerability when executing print() or referencing App after closing the document. | AbdulAziz Hariri, working with HP's Zero Day Initiative |
| Fixed a security issue where the application could crash unexpectedly due to a recursive reference. | Guillaume Endignoux of ANSSI |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader and Foxit PhantomPDF 7.2

 

Release date: July 29, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.1.5.425 and earlier | Windows |
| Foxit Enterprise Reader | 7.1.5.425 and earlier | Windows |
| Foxit PhantomPDF | 7.1.5.425 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where attackers could exploit a PDF creator plugin vulnerability to execute arbitrary code. | Sascha Schirra |
| Fixed a security issue where the applications could be exposed to remote code execution when converting a TIFF file to a PDF file. | Steven Seeley of Source Incite, working with HP's Zero Day Initiative |
| Fixed a security issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to a PDF file. | Steven Seeley of Source Incite, working with HP's Zero Day Initiative |
| Fixed a security issue where memory corruption may occur when opening certain XFA forms. | Kai Lu of Fortinet's FortiGuard Labs |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit MobilePDF for Android 3.3.2

 

Release date: May 18, 2015

Platform: Android

Summary

Foxit has released Foxit MobilePDF for Android 3.3.2, which addresses a security vulnerability that could potentially allow an attacker to intercept the username and password of the user’s cloud service.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit MobilePDF for Android | 3.3.1 and earlier | Android |
| Foxit MobilePDF Business for Android | 3.3.1 and earlier | Android |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • Click here to download the updated version of Foxit MobilePDF for Android.
  • Click here to download the updated version of Foxit MobilePDF Business for Android.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where credentials of cloud services may be exposed to MITM attackers when users log in to the cloud services from within Foxit MobilePDF. | Sam Bowne |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5

 

Release date: April 24, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5, which address security vulnerabilities that could potentially allow an attacker to trigger a controlled crash.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.1.0.306 and 7.1.3.320 | Windows |
| Foxit Enterprise Reader | 7.1.0.306 and 7.1.3.320 | Windows |
| Foxit PhantomPDF | 7.1.0.306, 7.1.2.311, 7.1.3.320 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where memory corruption may occur when parsing a PDF file that contains an invalid stream. | Francis Provencher of Protek Research Lab's |
| Fixed a security issue where memory corruption may occur during digital signature verification. | Kai Lu of Fortinet's FortiGuard Labs |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1, which address security vulnerabilities that could potentially allow an attacker to execute a malicious file or trigger a controlled crash.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 7.0.6.1126 and earlier | Windows |
| Foxit Enterprise Reader | 7.0.6.1126 and earlier | Windows |
| Foxit PhantomPDF | 7.0.6.1126 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files. | Aljaz Ceru of InSec |
| Fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution. | Francis Provencher of Protek Research Lab's |
| Fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution. | Francis Provencher of Protek Research Lab's |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit PDF SDK ActiveX 5.0.2.924

 

Release date: September 29, 2014

Platform: Windows

Summary

Foxit has released Foxit PDF SDK ActiveX 5.0.2.924, which addresses a security vulnerability where applications built on Foxit PDF SDK ActiveX could be exposed to a Buffer Overflow.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit PDF SDK ActiveX | 2.3 to 5.0.1.820 | Windows |

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK ActiveX 5.0.2.924.


Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where applications built on Foxit PDF SDK ActiveX may be exposed to a Buffer Overflow when invoking the “SetLogFile()” method. | Andrea Micalizzi (rgod), working with Hewlett-Packard's Zero Day Initiative (ZDI) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1

 

Release date: July 1, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1, which address a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 6.2.0.429 and earlier | Windows |
| Foxit Enterprise Reader | 6.2.0.429 and earlier | Windows |
| Foxit PhantomPDF | 6.2.0.429 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue caused by a Stored XSS vulnerability when reading and displaying filenames and their paths in the “Recent Documents” section of the Start Page. | Bernardo Rodrigues |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit PDF SDK DLL 3.1.1.5005

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit PDF SDK DLL 3.1.1.5005, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit PDF SDK DLL | 3.1.1.2927 and earlier | Windows |

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK DLL 3.1.1.5005.


Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where applications built on Foxit PDF SDK DLL may be exposed to a Buffer Overflow Remote Code Execution Vulnerability when invoking the “FPDFBookmark_GetTitle()” method. | Hewlett-Packard’s Zero Day Initiative (ZDI) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 6.1.4

 

Release date: February 19, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader 6.1.4, which addresses a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 6.1.2.1224 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where Foxit Reader tried to load imgseg.dll, which could be exploited. | Hossam Hosam |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3

 

Release date: February 7, 2013

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3, which address a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.4.4 and earlier | Windows |
| Foxit PhantomPDF | 5.4.2 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader or Foxit PhantomPDF, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code. | Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Advanced PDF Editor 3.0.4.0

 

Release date: January 14, 2013

Platform: Windows

Summary

Foxit has released Foxit Advanced PDF Editor 3.0.4.0, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Advanced PDF Editor | 3.0.0.0 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where hackers can run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception. | CERT Coordination Center |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.4.3

 

Release date: September 26, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.3, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.4.2.0901 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where the application's insecure loading of libraries could be exploited to attack the application. | Parvez Anwar of Secunia SVCRP |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.4

 

Release date: September 6, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4, which addresses a security vulnerability that could potentially allow an attacker to execute a malicious file.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.3.1.0606 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue where Foxit Reader may call and run malicious code in a Dynamic Link Library (DLL) file. | Remy Brands |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.3

 

Release date: May 3, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.3, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.1.4.0104 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue where users cannot open the attachments of PDF files in XP and Windows 7. | John Leitch of Microsoft Vulnerability Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.1.3

 

Release date: December 7, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.1.3, which addresses a security vulnerability that could potentially allow an attacker to trigger a controlled crash.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.1.0.1021 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue caused by the cross-border assignment of an array which may result in memory corruption vulnerabilities when opening certain PDF files. | Alex Garbutt of iSEC Partners, Inc. |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.0.2

 

Release date: July 21, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0.2, which addresses security vulnerabilities that could potentially allow an attacker to execute arbitrary code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 5.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue of arbitrary code execution when opening certain PDF files. | Rob Kraus of Security Consulting Services (SCS) |
| Fixed an issue of Foxit Reader when opening certain PDF files in a web browser. | Dmitriy Pletnev of Secunia Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 5.0

 

Release date: May 26, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0, which addresses a security vulnerability that could potentially allow an attacker to execute malicious code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 4.3.1.0218 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue of Foxit Reader when opening some affected PDF files. | Brett Gervasoni of Sense of Security Pty Ltd |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 4.3.1.0218

 

Release date: February 24, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 4.3.1.0218, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 4.3 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue of the Foxit Reader software that is caused by illegal memory access. | Secunia Research |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 4.2

 

Release date: September 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.2, which addresses a security vulnerability that could potentially allow an attacker to compromise the digital signature.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 4.1 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an identity theft issue caused by the security flaw of the digital signature. | Foxit |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 4.1.1.0805

 

Release date: August 6, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.1.1.0805, which addresses a security vulnerability that could potentially allow an attacker to trigger a controlled crash.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 4.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Efficiently fixed the crash issue caused by the new iPhone/iPad jailbreak program and prevents malicious attacks on your computer. | Foxit |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 4.0.0.0619

 

Release date: June 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.0.0.0619, which addresses a security vulnerability that could potentially allow an attacker to trigger a controlled crash.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 4.0 and earlier | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed an issue caused by numerical overflow in the FreeType engine when opening some PDF files. | David Seidman of Microsoft and Microsoft Vulnerability Research (MSVR) |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 3.2.1.0401

 

Release date: April 1, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 3.2.1.0401, which addresses a security vulnerability that could potentially allow an attacker to execute the embedded program inside a PDF.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 3.2.0.0303 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue where Foxit Reader runs an executable embedded program inside a PDF automatically without asking for the user's permission. | Didier Stevens |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Firefox Plugin 1.1.2009.1117 for Foxit Reader

 

Release date: November 17, 2009

Platform: Windows

Summary

Foxit has released Firefox Plugin 1.1.2009.1117 for Foxit Reader, which addresses a memory corruption vulnerability.

Affected versions

| Product | Affected versions | Platform |
|---|---|---|
| Foxit Reader | 3.1.2.1013 and 3.1.2.1030 | Windows |

Solution

  • Click here to download the updated version of Firefox Plugin for Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
|---|---|
| Fixed a security issue caused by an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll), which could be exploited to trigger a memory corruption. | Foxit and Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available for Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

 

Release date: June 19, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616, which address security vulnerabilities that could potentially result in invalid address access.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.0 | Windows |
| JPEG2000/JBIG2 Decoder Add-on | 2.0.2009.303 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of JPEG2000/JBIG2 Decoder Add-on.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Fixed a problem related to a negative stream offset (in a malicious JPEG2000 stream), which caused data to be read from an out-of-bounds address. | CERT |
| Fixed a problem related to error handling when decoding a JPEG2000 header: an uncaught fatal error resulted in a subsequent invalid address access. | CERT |
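
The two JPEG2000 fixes above concern a negative stream offset that was not rejected and a decode error that was not propagated. The C code below is an added example, not Foxit's code: stream_t, header_t, the function names and the 8-byte header layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical in-memory stream and header; not Foxit's data structures. */
typedef struct { const uint8_t *data; size_t size; } stream_t;
typedef struct { uint32_t width, height; } header_t;

/* Flawed check, shown for contrast: only the upper bound is tested, in
 * signed arithmetic, so a negative offset is accepted (returns 1). */
int unsafe_offset_accepted(const stream_t *s, int32_t off, size_t len)
{
    return off + (int32_t)len <= (int32_t)s->size;
}

/* Hardened read: reject negative offsets first, then compare against the
 * remaining bytes so the addition cannot wrap. 0 on success, -1 on error. */
int stream_read_at(const stream_t *s, int64_t off, void *dst, size_t len)
{
    if (s == NULL || s->data == NULL || dst == NULL) return -1;
    if (off < 0 || (uint64_t)off > s->size) return -1;
    if (len > s->size - (size_t)off) return -1;
    memcpy(dst, s->data + (size_t)off, len);
    return 0;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode a constructed 8-byte header (big-endian width, height; not the
 * real JPEG2000 layout). Every failure is returned to the caller, which
 * must stop decoding rather than continue with an unset header. */
int decode_header(const stream_t *s, int64_t off, header_t *h)
{
    uint8_t raw[8];
    if (h == NULL || stream_read_at(s, off, raw, sizeof raw) != 0) return -1;
    h->width  = be32(raw);
    h->height = be32(raw + 4);
    if (h->width == 0 || h->height == 0) return -1;
    return 0;
}
```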

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 3.0 Build 1506

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1506, which addresses stack-based buffer overflow and security authorization bypass vulnerabilities.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 3.0 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Fixed a stack-based buffer overflow vulnerability. | Foxit Security Response Team |
| Fixed a security authorization bypass vulnerability. | Foxit Security Response Team |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for Foxit Reader 2.3 Build 3902

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 2.3 Build 3902, which addresses a security authorization bypass vulnerability.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| Foxit Reader | 2.3 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Fixed a security authorization bypass vulnerability. | Foxit Security Response Team |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security update available for JPEG2000/JBIG Decoder Add-on 2.0.2009.303

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released JPEG2000/JBIG Decoder Add-on 2.0.2009.303, which addresses a JBIG2 symbol dictionary processing vulnerability.

Affected versions

| Product | Affected versions | Platform |
| --- | --- | --- |
| JPEG2000/JBIG Decoder Add-on | 2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3 | Windows |

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of JPEG2000/JBIG Decoder Add-on.

Vulnerability details

| Brief | Acknowledgement |
| --- | --- |
| Fixed a JBIG2 symbol dictionary processing vulnerability. | Secunia |

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Ask Toolbar ToolbarSettings ActiveX Control Buffer Overflow

 

The ask.com toolbar that Foxit bundles is not the same version as the one reported on secunia.com, and it does not have the reported vulnerability.

Click here to check the related report on secunia.com