Security bulletins

Prompt response to software defects and security vulnerabilities has always been, and will continue to be, a top priority for Foxit. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Please click here to report a potential security vulnerability.


Security updates available for Foxit Reader and Foxit PhantomPDF 7.3


Release date: Jan. 20, 2016

Last updated: Jan. 20, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader 7.3 and Foxit PhantomPDF 7.3, which address security vulnerabilities that could potentially allow remote code execution.

Affected versions

Product             Affected versions         Platform
Foxit Reader        7.2.8.1124 and earlier    Windows
Foxit PhantomPDF    7.2.2.929 and earlier     Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

  • Brief: Fixed a security issue where the application could be exposed to the Font Parsing Use-After-Free Remote Code Execution Vulnerability.
    Acknowledgement: Mario Gomes (@NetFuzzer), working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to the Global setPersistent Use-After-Free Remote Code Execution Vulnerability.
    Acknowledgement: AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to the WillClose Action Use-After-Free Remote Code Execution Vulnerability.
    Acknowledgement: AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to a remote code execution vulnerability when opening certain PDF files with images.
    Acknowledgement: Rocco Calvi, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to the XFA FormCalc Replace Integer Overflow Vulnerability.
    Acknowledgement: HPE Zero Day Initiative, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to a Remote Code Execution Vulnerability due to a JBIG2 Out-of-Bounds Read.
    Acknowledgement: kdot, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could crash unexpectedly when parsing certain PDF files that contain malformed images.
    Acknowledgement: Francis Provencher, COSIG
  • Brief: Fixed a security issue where the application could crash unexpectedly when converting certain images with incorrect image data.
    Acknowledgement: kdot, working with HP's Zero Day Initiative
  • Brief: Fixed the Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability.
    Acknowledgement: Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative
  • Brief: Fixed a security issue where the application could be exposed to a DLL hijacking vulnerability when trying to load xpsp2res.dll or phoneinfo.dll.
    Acknowledgement: Ke Liu of Tencent's Xuanwu LAB

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Fixed a security issue where attackers could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code.

SUMMARY

Foxit Reader 7.2.2 fixed a security issue where attackers could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code. This vulnerability is caused by insecure inter-process communication in the Foxit Cloud Update Service, which does not validate the path or signature of the executable file; attackers could exploit this to execute arbitrary code under the System account.

Affected Versions
  • Foxit Reader 6.1 to Foxit Reader 7.2.0.722
Fixed in Version
  • Foxit Reader 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader to update to the latest version of Foxit Reader 7.2.2.
  • Click here to download the updated version of Foxit Reader.

SECURITY PROCESS

  • 2015-10-10: Zhipeng Huo of Tencent's Xuanwu Lab found the issue;
  • 2015-10-12: Foxit Security Response Team confirmed the issue;
  • 2015-09-28: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2.

Fixed a security issue where the application could crash unexpectedly when opening certain secured PDF files.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when opening certain secured PDF files. This vulnerability is caused by a memory overflow resulting from an unusually long PDF stream, which could be exploited by attackers to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-25: kdot working with HP's Zero Day Initiative found the issue;
  • 2015-09-25: Foxit Security Response Team confirmed the issue;
  • 2015-09-28: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains incorrect GIF data while being debugged by GFlags.exe.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains incorrect GIF data while being debugged by GFlags.exe. This vulnerability is caused by a palette index overflow. Attackers could exploit this vulnerability by intentionally generating such files, which cause the application to crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-16: Jaanus Kp of Clarified Security working with HP's Zero Day Initiative found the issue;
  • 2015-09-28: Foxit Security Response Team confirmed the issue;
  • 2015-09-28: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains an incorrect inline image while being debugged by GFlags.exe.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains an incorrect inline image while being debugged by GFlags.exe. The incorrect inline image confuses the parser, which then frees a memory object improperly; attackers could exploit this to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-16: Jaanus Kp of Clarified Security working with HP's Zero Day Initiative found the issue;
  • 2015-09-28: Foxit Security Response Team confirmed the issue;
  • 2015-09-28: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms. This vulnerability is caused by incorrect JPEG data, which could be exploited by attackers to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-16: Jaanus Kp of Clarified Security working with HP's Zero Day Initiative found the issue;
  • 2015-09-16: Foxit Security Response Team confirmed the issue;
  • 2015-09-18: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could crash unexpectedly when printing certain PDF files.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when printing certain PDF files containing a vulnerable JavaScript function. When users try to print such a PDF file, the “CloseDocument” function is invoked and the document is closed. Therefore, any interaction with the PDF file could terminate the application. Attackers could exploit this vulnerability to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-16: AbdulAziz Hariri working with HP's Zero Day Initiative found the issue;
  • 2015-09-16: Foxit Security Response Team confirmed the issue;
  • 2015-09-18: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could crash unexpectedly when saving certain PDF files.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when saving certain PDF files that contain “this.closeDoc(true)” in a JavaScript function. When users try to save such a PDF file, the “CloseDocument” function is invoked and the document is destructed and closed. Attackers could exploit this vulnerability by intentionally generating such files, which cause the application to crash unexpectedly.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-09-16: AbdulAziz Hariri working with HP's Zero Day Initiative found the issue;
  • 2015-09-16: Foxit Security Response Team confirmed the issue;
  • 2015-09-18: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could be exposed to Foxit Cloud Update Service Local Privilege Escalation Vulnerability.

SUMMARY

Foxit Reader 7.2.2 fixed a security issue where the application could be exposed to the Foxit Cloud Update Service Local Privilege Escalation Vulnerability when an update of the Foxit Cloud plugin is available, which could be exploited by attackers to run an arbitrary application.

Affected Versions
  • Foxit Reader 6.1 to Foxit Reader 7.2.0.722
Fixed in Version
  • Foxit Reader 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader to update to the latest version of Foxit Reader 7.2.2.
  • Click here to download the updated version of Foxit Reader.

SECURITY PROCESS

  • 2015-09-15: AbdulAziz Hariri and Jasiel Spelman working with HP's Zero Day Initiative found the issue;
  • 2015-09-15: Foxit Security Response Team confirmed the issue;
  • 2015-09-28: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2.

Fixed a security issue where the application could be exposed to a Use-After-Free Vulnerability when executing print() or referencing App after closing the document.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could be exposed to a Use-After-Free Vulnerability when executing print() or referencing App after closing the document. This vulnerability is caused by the reuse of the JS Runtime in memory after it has been freed, which could be exploited by attackers to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-07-29: AbdulAziz Hariri working with HP's Zero Day Initiative found the issue;
  • 2015-07-29: Foxit Security Response Team confirmed the issue;
  • 2015-07-29: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where the application could crash unexpectedly due to recursive reference.

SUMMARY

Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2 fixed a security issue where the application could crash unexpectedly when opening a PDF file that contains a recursive structure or a recursive length definition in a Stream object. The cause of the vulnerability lies in a recursive reference encountered while resolving direct or indirect references. Attackers could exploit this vulnerability by intentionally generating malformed files, which cause the application to crash unexpectedly.

Affected Versions
  • Foxit Reader 7.2.0.722 and earlier
  • Foxit PhantomPDF 7.2.0.722 and earlier
Fixed in Version
  • Foxit Reader 7.2.2
  • Foxit PhantomPDF 7.2.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2.2 or Foxit PhantomPDF 7.2.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-07-21: Guillaume Endignoux from ANSSI found the issue;
  • 2015-08-03: Foxit Security Response Team confirmed the issue;
  • 2015-08-27: Foxit fixed the issue;
  • 2015-10-08: Foxit released fixed version of Foxit Reader 7.2.2/Foxit PhantomPDF 7.2.2.

Fixed a security issue where attackers could exploit a PDF creator plugin vulnerability to execute arbitrary code.

SUMMARY

Foxit Reader 7.2 and Foxit PhantomPDF 7.2 fixed a security issue where the application may crash when converting a PNG file to PDF file. This vulnerability is caused by memory overflow when copying a memory block in the PDF creator plugin (ConvertToPDF_x86.dll), and could be exploited by attackers to execute arbitrary code.

Affected Versions
  • Foxit Reader 7.1.5.425 and earlier
  • Foxit Enterprise Reader 7.1.5.425 and earlier
  • Foxit PhantomPDF 7.1.5.425 and earlier
Fixed in Version
  • Foxit Reader 7.2
  • Foxit PhantomPDF 7.2

SOLUTION

Please do one of the following:

  • Please go to "Check for Update" from the "Help" menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2 or Foxit PhantomPDF 7.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-07-08: Sascha Schirra found the issue;
  • 2015-07-08: Foxit Security Response Team confirmed the issue;
  • 2015-07-09: Foxit fixed the issue;
  • 2015-07-29: Foxit released fixed version of Foxit Reader 7.2/Foxit PhantomPDF 7.2.

Fixed a security issue where the applications could be exposed to a remote code execution vulnerability when converting a TIFF file to a PDF file.

SUMMARY

Foxit Reader 7.2 and Foxit PhantomPDF 7.2 fixed a security issue where the applications could be exposed to a remote code execution vulnerability when converting a TIFF file to a PDF file. When loading a TIFF file, the application is vulnerable to reading a VTable from an invalid location, which could be exploited by attackers to execute remote code.

Affected Versions
  • Foxit Reader 7.1.5.425 and earlier
  • Foxit Enterprise Reader 7.1.5.425 and earlier
  • Foxit PhantomPDF 7.1.5.425 and earlier
Fixed in Version
  • Foxit Reader 7.2
  • Foxit PhantomPDF 7.2

SOLUTION

Please do one of the following:

  • Please go to "Check for Update" from the "Help" menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2 or Foxit PhantomPDF 7.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-04-25: Steven Seeley of Source Incite working with HP's Zero Day Initiative found the issue;
  • 2015-04-27: Foxit Security Response Team confirmed the issue;
  • 2015-05-04: Foxit fixed the issue;
  • 2015-07-29: Foxit released fixed version of Foxit Reader 7.2/Foxit PhantomPDF 7.2.

Fixed a security issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to PDF file.

SUMMARY

Foxit Reader 7.2 and Foxit PhantomPDF 7.2 fixed a security issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to PDF file. This issue is caused by a heap corruption resulting from malformed color table data of a GIF file. Attackers could exploit this vulnerability to execute remote code.

Affected Versions
  • Foxit Reader 7.1.5.425 and earlier
  • Foxit Enterprise Reader 7.1.5.425 and earlier
  • Foxit PhantomPDF 7.1.5.425 and earlier
Fixed in Version
  • Foxit Reader 7.2
  • Foxit PhantomPDF 7.2

SOLUTION

Please do one of the following:

  • Please go to "Check for Update" from the "Help" menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2 or Foxit PhantomPDF 7.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-04-25: Steven Seeley of Source Incite working with HP's Zero Day Initiative found the issue;
  • 2015-04-27: Foxit Security Response Team confirmed the issue;
  • 2015-04-30: Foxit fixed the issue;
  • 2015-07-29: Foxit released fixed version of Foxit Reader 7.2/Foxit PhantomPDF 7.2.

Fixed a security issue where memory corruption may occur when opening certain XFA forms.

SUMMARY

Foxit Reader 7.2 and Foxit PhantomPDF 7.2 fixed a security issue where memory corruption may occur when opening certain XFA forms. Attackers could exploit this vulnerability by intentionally generating files that cause the application to crash unexpectedly.

Affected Versions
  • Foxit Reader 7.1.3.320 and earlier
  • Foxit Enterprise Reader 7.1.3.320 and earlier
  • Foxit PhantomPDF 7.1.3.320 and earlier
Fixed in Version
  • Foxit Reader 7.2
  • Foxit PhantomPDF 7.2

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.2 or Foxit PhantomPDF 7.2.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-03-25: Kai Lu from Fortinet's FortiGuard Labs found the issue;
  • 2015-03-26: Foxit Security Response Team confirmed the issue;
  • 2015-06-04: Foxit fixed the issue;
  • 2015-07-29: Foxit released fixed version of Foxit Reader 7.2/Foxit PhantomPDF 7.2.

Fixed a security issue where credentials of cloud services may be exposed to MITM attackers when users log in to the cloud services from within Foxit MobilePDF.

SUMMARY

Foxit MobilePDF for Android 3.3.2 and Foxit MobilePDF Business for Android 3.3.2 fixed a security issue where credentials of cloud services, including Dropbox, Box, Microsoft, and Google, may be exposed to MITM attackers when users log in to the cloud services from within Foxit MobilePDF. This issue is caused by SSL certificate validation vulnerabilities. MITM attackers could exploit this vulnerability to intercept the username and password of the user's cloud service.

Affected Versions
  • Foxit MobilePDF for Android 3.3.1 and earlier
  • Foxit MobilePDF Business for Android 3.3.1 and earlier
Fixed in Version
  • Foxit MobilePDF for Android 3.3.2
  • Foxit MobilePDF Business for Android 3.3.2

SOLUTION

Please do one of the following:

  • Click here to download the updated version of Foxit MobilePDF for Android.
  • Click here to download the updated version of Foxit MobilePDF Business for Android.

SECURITY PROCESS

  • 2015-04-29: Sam Bowne found the issue;
  • 2015-05-02: Foxit Security Response Team confirmed the issue;
  • 2015-05-06: Foxit fixed the issue;
  • 2015-05-18: Foxit released fixed version of Foxit MobilePDF for Android 3.3.2/Foxit MobilePDF Business for Android 3.3.2.

Fixed a security issue where memory corruption may occur when parsing a PDF file that contains an invalid stream.

SUMMARY

Foxit Reader 7.1.5, Foxit Enterprise Reader 7.1.5, and Foxit PhantomPDF 7.1.5 fixed a security issue where memory corruption may occur when parsing a PDF file that contains an invalid stream. Attackers could exploit this vulnerability by intentionally crafting such PDF files, which cause the application to crash unexpectedly.

Affected Versions
  • Foxit Reader 7.1.0.306 and Foxit Reader 7.1.3.320
  • Foxit Enterprise Reader 7.1.0.306 and Foxit Enterprise Reader 7.1.3.320
  • Foxit PhantomPDF 7.1.0.306, Foxit PhantomPDF 7.1.2.311, and Foxit PhantomPDF 7.1.3.320
Fixed in Version
  • Foxit Reader 7.1.5
  • Foxit Enterprise Reader 7.1.5
  • Foxit PhantomPDF 7.1.5

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.1.5, Foxit Enterprise Reader 7.1.5, or Foxit PhantomPDF 7.1.5.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-04-10: Francis Provencher from Protek Research Lab's found the issue;
  • 2015-04-14: Foxit Security Response Team confirmed the issue;
  • 2015-04-17: Foxit fixed the issue;
  • 2015-04-24: Foxit released fixed version of Foxit Reader 7.1.5/Foxit Enterprise Reader 7.1.5/Foxit PhantomPDF 7.1.5.

Fixed a security issue where memory corruption may occur during digital signature verification.

SUMMARY

Foxit Reader 7.1.5, Foxit Enterprise Reader 7.1.5, and Foxit PhantomPDF 7.1.5 fixed a security issue where memory corruption may occur when verifying digital signatures. Attackers could exploit this vulnerability to execute a controlled crash.

Affected Versions
  • Foxit Reader 7.1.0.306 and Foxit Reader 7.1.3.320
  • Foxit Enterprise Reader 7.1.0.306 and Foxit Enterprise Reader 7.1.3.320
  • Foxit PhantomPDF 7.1.0.306, Foxit PhantomPDF 7.1.2.311, and Foxit PhantomPDF 7.1.3.320
Fixed in Version
  • Foxit Reader 7.1.5
  • Foxit Enterprise Reader 7.1.5
  • Foxit PhantomPDF 7.1.5

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.1.5, Foxit Enterprise Reader 7.1.5, or Foxit PhantomPDF 7.1.5.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-04-01: Kai Lu from Fortinet's FortiGuard Labs found the issue;
  • 2015-04-02: Foxit Security Response Team confirmed the issue;
  • 2015-04-02: Foxit fixed the issue;
  • 2015-04-24: Foxit released fixed version of Foxit Reader 7.1.5/Foxit Enterprise Reader 7.1.5/Foxit PhantomPDF 7.1.5.

Fixed a security issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files.

SUMMARY

Foxit Reader 7.1 fixed a security issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files. The vulnerability is caused by the Foxit Cloud Safe Update Service, which uses an unquoted path. Attackers could place an insecure executable on the service path and then cause Foxit Reader to execute the malicious file.

Affected Versions
  • Foxit Reader 6.1 to Foxit Reader 7.0.6.1126
Fixed in Version
  • Foxit Reader 7.1

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader to update to the latest version of Foxit Reader 7.1.
  • Click here to download the updated version of Foxit Reader.

SECURITY PROCESS

  • 2015-02-17: Aljaz Ceru from InSec found the issue;
  • 2015-02-21: Foxit Security Response Team confirmed the issue;
  • 2015-03-03: Foxit fixed the issue;
  • 2015-03-09: Foxit released fixed version of Foxit Reader 7.1.
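As an added defender's check, not Foxit's code and not part of this bulletin, the following PowerShell audits every service on a Windows host for the two weaknesses the Foxit Cloud Update Service advisories above describe: an unquoted service path containing spaces (this advisory) and a service executable that is launched without path or signature validation (the 7.2.2 advisory), approximated here by checking the Authenticode signature of the binary the service points at. It assumes a Windows host with PowerShell 3.0 or later, where Get-CimInstance and Get-AuthenticodeSignature are available; service names and paths in the output are whatever is installed on that host.

```powershell
# Added example (not Foxit's code): audit Windows services for an unquoted
# ImagePath that contains spaces, and for a service executable whose
# Authenticode signature is not valid. Both are the defect classes named in
# the Foxit Cloud Update Service advisories; nothing here is Foxit-specific.
function Get-ServiceExecutableAudit {
    [CmdletBinding()]
    param()

    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if (-not $path) { continue }

        # A quoted path cannot be misparsed at the spaces inside it.
        $quoted = $path.StartsWith('"')

        # Recover the executable path (drop any arguments that follow it).
        if ($quoted) {
            $end = $path.IndexOf('"', 1)
            $exe = if ($end -gt 1) { $path.Substring(1, $end - 1) } else { $path.Trim('"') }
        } else {
            $m   = [regex]::Match($path, '^(.*?\.exe)', 'IgnoreCase')
            $exe = if ($m.Success) { $m.Groups[1].Value } else { $path }
        }

        # Unquoted path whose executable part contains a space: CreateProcess
        # resolves the ambiguity by trying each prefix before a space in turn,
        # so the ACLs of every directory along that path need review.
        $unquotedWithSpace = (-not $quoted) -and ($exe -match '\s')

        # Signature state of the binary the service control manager launches.
        $sig = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            'FileMissing'
        }

        [pscustomobject]@{
            Name              = $svc.Name
            RunsAs            = $svc.StartName   # LocalSystem here means System-level impact
            StartMode         = $svc.StartMode
            Executable        = $exe
            UnquotedWithSpace = $unquotedWithSpace
            Signature         = $sig
        }
    }
}

# Report only the services that need attention; a quoted, validly signed
# executable is the state both advisories' fixes move the service to.
Get-ServiceExecutableAudit |
    Where-Object { $_.UnquotedWithSpace -or $_.Signature -ne 'Valid' } |
    Sort-Object RunsAs, Name |
    Format-Table -AutoSize
```

Run it from an elevated prompt so every service's binary is readable; a flagged service is a finding to review, since a missing or self-signed signature on a vendor binary is not by itself a vulnerability.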

Fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution.

SUMMARY

Foxit Reader 7.1, Foxit Enterprise Reader 7.1, and Foxit PhantomPDF 7.1 fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution.

Affected Versions
  • Foxit Reader 7.0.6.1126 and earlier
  • Foxit Enterprise Reader 7.0.6.1126 and earlier
  • Foxit PhantomPDF 7.0.6.1126 and earlier
Fixed in Version
  • Foxit Reader 7.1
  • Foxit Enterprise Reader 7.1
  • Foxit PhantomPDF 7.1

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.1, Foxit Enterprise Reader 7.1, or Foxit PhantomPDF 7.1.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-02-17: Francis Provencher from Protek Research Lab's found the issue;
  • 2015-02-21: Foxit Security Response Team confirmed the issue;
  • 2015-02-21: Foxit fixed the issue;
  • 2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF 7.1.

Fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution.

SUMMARY

Foxit Reader 7.1, Foxit Enterprise Reader 7.1, and Foxit PhantomPDF 7.1 fixed a security issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution.

Affected Versions
  • Foxit Reader 7.0.6.1126 and earlier
  • Foxit Enterprise Reader 7.0.6.1126 and earlier
  • Foxit PhantomPDF 7.0.6.1126 and earlier
Fixed in Version
  • Foxit Reader 7.1
  • Foxit Enterprise Reader 7.1
  • Foxit PhantomPDF 7.1

SOLUTION

Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF to update to the latest version of Foxit Reader 7.1, Foxit Enterprise Reader 7.1, or Foxit PhantomPDF 7.1.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS

  • 2015-01-22: Francis Provencher from Protek Research Lab's found the issue;
  • 2015-01-28: Foxit Security Response Team confirmed the issue;
  • 2015-01-28: Foxit fixed the issue;
  • 2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF 7.1.

Fixed a security issue where applications built on Foxit PDF SDK ActiveX may be exposed to a Buffer Overflow when invoking the “SetLogFile()” method.

SUMMARY
Foxit PDF SDK ActiveX 5.0.2.924 fixed a security issue where applications built on Foxit PDF SDK ActiveX may be exposed to a Buffer Overflow when invoking the “SetLogFile()” method.

Affected Versions
Foxit PDF SDK ActiveX 2.3 to Foxit PDF ActiveX 5.0.1.820.

Fixed in Version
Foxit PDF SDK ActiveX 5.0.2.924

SOLUTION
Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK ActiveX 5.0.2.924.

SECURITY PROCESS

  • 2014-09-06: Andrea Micalizzi (rgod) working with Hewlett-Packard's Zero Day Initiative (ZDI) found the issue;
  • 2014-09-11: Foxit Security Response Team confirmed the issue;
  • 2014-09-25: Foxit fixed the issue;
  • 2014-09-29: Foxit released fixed version of Foxit PDF SDK ActiveX 5.0.2.924.


Fixed a security issue caused by a stored XSS vulnerability when reading and displaying filenames and their paths in the “Recent Documents” section of the Start Page.

SUMMARY
Foxit Reader 6.2.1, Foxit Enterprise Reader 6.2.1, and Foxit PhantomPDF 6.2.1 fixed a security issue caused by a stored XSS vulnerability when reading and displaying filenames and their paths in the “Recent Documents” section of the Start Page. Attackers could tamper with the registry entry and cause the application to load malicious files.

Affected Versions
  • Foxit Reader 6.2.0.0429 and earlier
  • Foxit Enterprise Reader 6.2.0.0429 and earlier
  • Foxit PhantomPDF 6.2.0.0429 and earlier
Fixed in Version
  • Foxit Reader 6.2.1
  • Foxit Enterprise Reader 6.2.1
  • Foxit PhantomPDF 6.2.1

SOLUTION
Please do one of the following:

  • Please go to “Check for Update” from the “Help” menu of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF to update to the latest version of Foxit Reader 6.2.1, Foxit Enterprise Reader 6.2.1, or Foxit PhantomPDF 6.2.1.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

SECURITY PROCESS
2014-05-24: Bernardo Rodrigues found the issue;
2014-06-03: Foxit Security Response Team confirmed the issue;
2014-06-11: Foxit fixed the issue;
2014-07-01: Foxit released fixed version of Foxit Reader 6.2.1/Foxit Enterprise Reader 6.2.1/Foxit PhantomPDF 6.2.1.


Fixed a security issue where applications built on Foxit PDF SDK DLL may be exposed to a buffer overflow remote code execution vulnerability when invoking the “FPDFBookmark_GetTitle()” method.

SUMMARY
Foxit PDF SDK DLL 3.1.1.5005 fixed a security issue where applications built on Foxit PDF SDK DLL may be exposed to a buffer overflow remote code execution vulnerability when invoking the “FPDFBookmark_GetTitle()” method.

Affected Versions
Foxit PDF SDK DLL 3.1.1.2927 and earlier.

Fixed in Version
Foxit PDF SDK DLL 3.1.1.5005

SOLUTION
Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK DLL 3.1.1.5005.

SECURITY PROCESS
2014-04-17: Hewlett-Packard’s Zero Day Initiative (ZDI) found the issue;
2014-04-18: Foxit Security Response Team confirmed the issue;
2014-05-07: Foxit fixed the issue;
2014-05-09: Foxit released fixed version of Foxit PDF SDK DLL 3.1.1.5005.


Fixed a security issue where Foxit Reader tried to load imgseg.dll in a way that could be exploited.

SUMMARY
Foxit Reader 6.1.4 fixed a security issue where Foxit Reader tried to load imgseg.dll in a way that could be exploited. Attackers could place a malicious .dll file with the same name as the plugin in the execution directory, and Foxit Reader would then load the malicious file.

Affected Versions
Foxit Reader 6.1.2.1224

Fixed in Version
Foxit Reader 6.1.4

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" from the Foxit Reader "Help" menu to update to the latest version of Foxit Reader 6.1.4.
  • Click here to download the updated version of Foxit Reader now.

SECURITY PROCESS
2014-02-12: Hossam Hosam found the issue;
2014-02-15: Foxit Security Response Team confirmed the issue;
2014-02-17: Foxit fixed the issue;
2014-02-19: Foxit released fixed version of Foxit Reader 6.1.4.

Fixed a security issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code.

SUMMARY
Foxit Reader 5.4.5 and PhantomPDF 5.4.3 fixed a security issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code. The vulnerability is caused by a boundary error in the plugin for web browsers (npFoxitReaderPlugin.dll/npFoxitPhantomPDFPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via an overly long file name in the URL.

Affected Versions
Foxit Reader 5.4.4 and earlier;
Foxit PhantomPDF 5.4.2 and earlier.

Fixed in Version
Foxit Reader 5.4.5
Foxit PhantomPDF 5.4.3

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" from the Foxit Reader/Foxit PhantomPDF "Help" menu to update to the latest version of Foxit Reader 5.4.5/Foxit PhantomPDF 5.4.3.
  • Click here to download the updated version of Foxit Reader now.
  • Click here to download the updated version of Foxit PhantomPDF now.

SECURITY PROCESS
2013-01-08: Secunia found the issue;
2013-01-11: Foxit Security Response Team confirmed the issue;
2013-01-14: Foxit fixed the issue and released fixed version of Firefox Plugin 2.2.3.111;
2013-01-17: Foxit released fixed version of Foxit Reader 5.4.5 to update Firefox Plugin 2.2.3.111;
2013-02-07: Foxit released fixed version of Foxit PhantomPDF 5.4.3 to update Firefox Plugin 2.2.3.111.

Fixed a security issue where attackers could run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception.

SUMMARY
Foxit Advanced PDF Editor 3.0.4.0 fixed a security issue where attackers could run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception. The STATUS_STACK_BUFFER_OVERRUN exception is triggered by certain malformed PDFs (the PDFs contained errors that caused our parser to read a Name object longer than the maximum allowed length for a Name object) when the security cookie protecting a return address has been tampered with. An attacker able to repair this security cookie may be able to use the crashing test case to run arbitrary code.

Affected Versions
Foxit Advanced PDF Editor 3.0.0.0

Fixed in Version
Foxit Advanced PDF Editor 3.0.4.0

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" from the "Help" menu to update to the latest version 3.0.4.0.
  • Click here to download the updated version now.

SECURITY PROCESS
2012-12-11: CERT Coordination Center found the issue;
2013-01-10: Foxit Security Response Team confirmed the issue;
2013-01-11: Foxit fixed the issue;
2013-01-14: Foxit released fixed version of Foxit Advanced PDF Editor 3.0.4.0.

Fixed a security issue where insecure library loading by the application could be exploited to attack the application.

SUMMARY
Foxit Reader 5.4.3 fixed a security issue where the application loaded libraries in an insecure manner, which could be exploited to execute arbitrary code and attack the application. Attackers could place a malicious .dll file in the execution directory or the current directory and craft a PDF that triggers an error so that the library is loaded.

Affected Versions
Foxit Reader 5.4.2.0901 and earlier.

Fixed in Version
Foxit Reader 5.4.3

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" from the Reader "Help" menu to update to the latest version 5.4.3.
  • Click here to download the updated version now.

SECURITY PROCESS
2012-09-10: Parvez Anwar of Secunia SVCRP found the issue;
2012-09-11: Foxit Security Response Team confirmed the issue;
2012-09-25: Foxit fixed the issue;
2012-09-26: Foxit released fixed version of Foxit Reader 5.4.3.


Fixed an issue where Foxit Reader may call and run malicious code in a Dynamic Link Library (DLL) file.

SUMMARY
Foxit Reader 5.4 fixed an issue where Foxit Reader may call and run malicious code in a Dynamic Link Library (DLL) file. Attackers could place a malicious DLL file with the same name as a system DLL earlier in the Windows DLL search path, and Foxit Reader would then load the malicious file.

Affected Versions
Foxit Reader 5.3.1.0606 and earlier.

Fixed in Version
Foxit Reader 5.4

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.4.
  • Click here to download the updated version now.

SECURITY PROCESS
2012-08-24: Remy Brands found the issue;
2012-08-25: Foxit Security Response Team confirmed the issue;
2012-08-26: Foxit fixed the issue;
2012-09-06: Foxit released fixed version of Foxit Reader 5.4.

Fixed an issue where users could not open the attachments of PDF files on Windows XP and Windows 7.

SUMMARY
Foxit Reader 5.3 fixed an issue where users could not open the attachments of PDF files on Windows XP and Windows 7. The cause of this issue is that the size of the cross-reference stream is a negative number.

Affected Versions
Foxit Reader 5.1.4.0104 and earlier.

Fixed in Version
Foxit Reader 5.3

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.3.
  • Click here to download the updated version now.

SECURITY PROCESS
2012-04-12: John Leitch of Microsoft Vulnerability Research found the issue;
2012-04-12: Foxit Security Response Team confirmed the issue;
2012-04-12: Foxit fixed the issue;
2012-05-03: Foxit released fixed version of Foxit Reader 5.3.

Fixed an issue when opening certain PDF files.

SUMMARY
Foxit Reader 5.1.3 fixed an issue when opening certain PDF files. This issue was caused by an out-of-bounds array assignment, which may result in memory corruption vulnerabilities.

Affected Versions
Foxit Reader 5.1.0.1021 and earlier.

Fixed in Version
Foxit Reader 5.1.3

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.1.3.
  • Click here to download the updated version now.

SECURITY PROCESS
2011-11-09: Alex Garbutt of iSEC Partners, Inc. found the issue;
2011-11-11: Foxit Security Response Team confirmed the issue;
2011-11-17: Foxit fixed the issue;
2011-12-07: Foxit released fixed version of Foxit Reader 5.1.3.


Fixed a security issue of arbitrary code execution when opening certain PDF files.

SUMMARY
Foxit Reader 5.0.2 fixed a security issue of arbitrary code execution when opening certain PDF files. This issue was caused by an insecure library loading vulnerability, which may enable the application to load malicious DLL files placed in the Reader's directory by a third party.

Affected Versions
Foxit Reader 5.0 and earlier.

Fixed in Version
Foxit Reader 5.0.2

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.0.2.
  • Click here to download the updated version now.

SECURITY PROCESS
2011-06-11: Rob Kraus of Security Consulting Services (SCS) found the issue;
2011-06-13: Foxit Security Response Team confirmed the issue;
2011-07-20: Foxit fixed the issue;
2011-07-21: Foxit released fixed version of Foxit Reader 5.0.2.


Fixed an issue of Foxit Reader when opening certain PDF files in a web browser.

SUMMARY
Foxit Reader 5.0.2 fixed an issue of Foxit Reader when opening certain PDF files in a web browser. The issue is caused by a memory boundary error which can be exploited to cause a heap-based buffer overflow.

Affected Versions
Foxit Reader 5.0 and earlier.

Fixed in Version
Foxit Reader 5.0.2

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.0.2.
  • Click here to download the updated version now.

SECURITY PROCESS
2011-06-20: Dmitriy Pletnev of Secunia Research found the issue;
2011-06-24: Foxit Security Response Team confirmed the issue;
2011-07-20: Foxit fixed the issue;
2011-07-21: Foxit released fixed version of Foxit Reader 5.0.2.


Fixed an issue in Foxit Reader when opening certain malformed PDF files.

SUMMARY
Foxit PDF Reader 4.3.1.0218 had an issue when opening certain malformed PDF files, which is fixed in Reader 5.0. This issue is caused by memory corruption that could be exploited by malware to attach or execute malicious code.

Affected Versions
Foxit Reader 4.3.1.0218 and earlier.

Fixed in Version
Foxit Reader 5.0

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 5.0.
  • Click here to download the updated version now.

SECURITY PROCESS
2011-04-18: Brett Gervasoni of Sense of Security Pty Ltd found the issue;
2011-04-20: Foxit Security Response Team confirmed the issue;
2011-05-22: Foxit fixed the issue;
2011-05-26: Foxit released fixed version of Foxit Reader 5.0.


Fixed an issue in the Foxit Reader software caused by an illegal memory access.

SUMMARY
Foxit PDF Reader 4.3.1.0218 fixed an issue in the Foxit Reader software caused by an illegal memory access when opening certain specially crafted PDF documents.

Affected Versions
Foxit Reader 4.3 and earlier.

Fixed in Version
Foxit Reader 4.3.1.0218

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 4.3.1.0218.
  • Click here to download the updated version now.

SECURITY PROCESS
2011-02-15: Secunia Research found the issue;
2011-02-15: Foxit Security Response Team confirmed the issue;
2011-02-22: Foxit fixed the issue;
2011-02-24: Foxit released fixed version of Foxit Reader 4.3.1.0218.

Fixed an identity theft issue caused by a security flaw in digital signature handling.

SUMMARY
Foxit Reader 4.2 fixes the identity theft issue caused by a security flaw in digital signature handling and better prevents digital signatures from being compromised or tampered with.

Affected Versions
Foxit Reader 4.1 and earlier.

Fixed in Version
Foxit Reader 4.2

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 4.2.
  • Click here to download the updated version now.

SECURITY PROCESS
2010-08-18: Foxit found the issue;
2010-08-18: Foxit Security Response Team confirmed the issue;
2010-09-13: Foxit fixed the issue;
2010-09-29: Foxit released fixed version of Foxit Reader 4.2.


Fixed the crash issue caused by the new iPhone/iPad jailbreak program.

SUMMARY
Foxit Reader 4.1.1.0805 fixes the crash issue caused by the new iPhone/iPad jailbreak program and prevents the related malicious attacks on your computer.

Affected Versions
Foxit Reader 4.0 and earlier.

Fixed in Version
Foxit Reader 4.1

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 4.1.1.0805.
  • Click here to download the updated version now.

SECURITY PROCESS
2010-08-04: Foxit found the issue;
2010-08-04: Foxit Security Response Team confirmed the issue;
2010-08-05: Foxit fixed the issue;
2010-08-06: Foxit released fixed version of Foxit Reader 4.1.1.0805.


Fixed a numerical overflow in the FreeType engine.

SUMMARY
Foxit Reader 4.0.0.0619 fixed an issue in Foxit Reader caused by a numerical overflow in the FreeType engine when opening some PDF files. The overflow occurs because the Type 1 decoder in the FreeType engine lacks a numerical boundary check.

Affected Versions
Foxit Reader 4.0 and earlier.

Fixed in Version
Foxit Reader 4.0.0.0619

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 4.0.0.0619.
  • Click here to download the updated version now.

SECURITY PROCESS
2010-05-25: David Seidman of Microsoft and Microsoft Vulnerability Research (MSVR) found the issue;
2010-05-26: Foxit Security Response Team confirmed the issue;
2010-06-01: Foxit fixed the issue;
2010-06-29: Foxit released fixed version of Foxit Reader 4.0.0.0619.


Authorization Bypass When Executing An Embedded Executable.

SUMMARY
Fixed a security issue where Foxit Reader ran an executable program embedded inside a PDF automatically without asking for the user's permission.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.2.0.0303.

SOLUTION
Please do one of the following:

  • Please go to "Check for Updates Now" in the Reader "Help" menu to update to the latest version 3.2.1.0401.
  • Click here to download the updated version now.

SECURITY PROCESS
2010-03-29: Didier Stevens found the issue;
2010-03-30: Foxit Security Response Team confirmed the issue;
2010-03-30: Foxit fixed the issue;
2010-04-01: Foxit released fixed version of Foxit Reader 3.2.1.0401.

Firefox Plugin Memory Corruption Vulnerability Fixed

SUMMARY
The vulnerability is caused by an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll). This can be exploited to trigger memory corruption by tricking a user into visiting a specially crafted web page that repeatedly loads and unloads the plugin.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.1.2.1013 and Foxit Reader 3.1.2.1030

SOLUTION
All Foxit Reader users are recommended to update the Firefox plugin to the latest version, which is available here: https://www.foxitsoftware.com/downloads/

SECURITY PROCESS
2009-10-20: Foxit found the issue and immediately contacted Secunia for details;
2009-10-22: Foxit confirmed the issue;
2009-11-17: Foxit fixed the issue;
2009-11-17: Fix confirmed by Secunia;
2009-11-17: Foxit released Firefox Plugin 1.1.2009.1117.


Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

SUMMARY
Here is detailed information about the vulnerabilities:

  • Fixed a problem related to a negative stream offset (in a malicious JPEG2000 stream) which caused data to be read from an out-of-bounds address. We have added guard code to solve this issue.
  • Fixed a problem related to error handling when decoding the JPEG2000 header: an uncaught fatal error resulted in a subsequent invalid address access. We added error handling code to terminate the decoding process.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder add-on version 2.0.2009.303

SOLUTION
Foxit Reader users should download the latest Foxit Reader 3.0; for the critical JPEG2000/JBIG2 decoder add-on, please go to "Check for Updates Now" in the Reader "Help" menu to update the add-on to the latest version 2.0 Build 2009.616.

SECURITY PROCESS
2009-06-02: Foxit received a report from CERT;
2009-06-03: Foxit confirmed the issues;
2009-06-09: Foxit fixed the issues;
2009-06-19: Foxit released fixed version of Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616.


Stack-based Buffer Overflow

SUMMARY
PDF files can include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) is defined in a PDF file with an overly long filename argument and the trigger condition is satisfied, a stack-based buffer overflow occurs.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.0.

SOLUTION
All Foxit Reader users are recommended to update Foxit Reader 3.0, available here: https://www.foxitsoftware.com/downloads/

SECURITY PROCESS
2009-02-18: Foxit received a report from the Foxit Security Response Team;
2009-02-19: Foxit confirmed the issue;
2009-02-20: Foxit fixed the issue;
2009-02-28: Fix confirmed by Foxit Security Response Team;
2009-03-09: Foxit released fixed version 3.0 Build 1506.


Security Authorization Bypass

SUMMARY
If an action (Open/Execute a file, Open a web link, etc.) is defined in a PDF file and the trigger condition is satisfied, Foxit Reader will perform the action defined by the creator of the PDF file without showing a confirmation dialog box.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.0 and Foxit Reader 2.3

SOLUTION
Foxit Reader users are recommended to update to Foxit Reader 3.0; those who keep using Foxit Reader 2.3 can download the updated version, available here: https://www.foxitsoftware.com/downloads/

SECURITY PROCESS
2009-02-18: Foxit received a report from the Foxit Security Response Team;
2009-02-19: Foxit confirmed the issue;
2009-02-20: Foxit fixed the issue;
2009-02-28: Fix confirmed by Foxit Security Response Team;
2009-03-09: Foxit released fixed version 3.0 Build 1506 and version 2.3 Build 3902.


JBIG2 Symbol Dictionary Processing

SUMMARY
While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialised if the number of new symbols is zero. The array is later accessed and values from uninitialised memory are used as pointers when reading memory and performing calls.
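
The allocation pattern described above, in a simplified C model added here as an example (it is not Foxit's decoder code): build_exports_unsafe sizes the export table from the declared count but fills it only when new symbols exist, while build_exports_safe zero-initialises the table, always runs the export walk, and rejects a declared count that the export flags cannot satisfy. The type and function names, the sample symbols, and the one-byte-per-symbol export flag encoding are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
/* Added example: a simplified model of the symbol-dictionary export step,
 * not Foxit's decoder. Symbols are opaque records, and real JBIG2 encodes
 * the export flags as run lengths; here they are one byte per symbol. */
typedef struct { uint32_t width, height; } jbig2_symbol;
typedef struct {
    const jbig2_symbol *input_syms, *new_syms; /* referred-dictionary and newly decoded symbols */
    uint32_t num_input, num_new;
    const uint8_t *export_flags;               /* num_input + num_new entries, 1 = exported */
    uint32_t num_exported;                     /* count declared in the segment header */
} symdict_segment;

/* Bug pattern from the advisory, kept only for contrast: the table is sized from
 * the header count but filled only on the new-symbols path, so with num_new == 0
 * every slot still holds whatever the heap contained. */
const jbig2_symbol **build_exports_unsafe(const symdict_segment *s)
{
    const jbig2_symbol **exports = malloc((size_t)s->num_exported * sizeof *exports);
    uint32_t total = s->num_input + s->num_new, out = 0;
    for (uint32_t i = 0; exports && s->num_new > 0 && i < total && out < s->num_exported; i++)
        if (s->export_flags[i])
            exports[out++] = i < s->num_input ? &s->input_syms[i] : &s->new_syms[i - s->num_input];
    return exports;                   /* uninitialised pointers when num_new == 0 */
}
/* Hardened version: always run the export walk, zero-initialise the table,
 * and refuse a header count that the flags do not exactly satisfy. */
int build_exports_safe(const symdict_segment *s, const jbig2_symbol ***out)
{
    *out = NULL;
    uint32_t total = s->num_input + s->num_new;
    if (total < s->num_input || s->num_exported > total) return -1; /* overflow or impossible count */
    const jbig2_symbol **exports = calloc(s->num_exported ? s->num_exported : 1, sizeof *exports);
    if (!exports) return -1;
    uint32_t filled = 0;
    for (uint32_t i = 0; i < total; i++) {
        if (!s->export_flags[i]) continue;
        if (filled == s->num_exported) { free(exports); return -1; } /* more flags than declared */
        exports[filled++] = i < s->num_input ? &s->input_syms[i] : &s->new_syms[i - s->num_input];
    }
    if (filled != s->num_exported) { free(exports); return -1; }     /* a slot would stay unset */
    *out = exports;
    return 0;
}
/* Constructed sample: two input symbols, no new symbols, both re-exported. */
static const jbig2_symbol sample_input[2] = { {8, 8}, {16, 16} };
int sample_valid_export(void)         /* returns the export count, or -1 */
{
    static const uint8_t flags[2] = { 1, 1 };
    symdict_segment seg = { sample_input, NULL, 2, 0, flags, 2 };
    const jbig2_symbol **exports;
    if (build_exports_safe(&seg, &exports) != 0) return -1;
    int ok = exports[0] == &sample_input[0] && exports[1] == &sample_input[1];
    free(exports);
    return ok ? 2 : -1;
}
int sample_short_flags_rejected(void) /* header declares 2 exports, flags mark 1 */
{
    static const uint8_t flags[2] = { 1, 0 };
    symdict_segment seg = { sample_input, NULL, 2, 0, flags, 2 };
    const jbig2_symbol **exports;
    return build_exports_safe(&seg, &exports) == -1 && exports == NULL;
}
```

The zero-new-symbols case that triggered the original bug is exactly the sample input here: the safe path still fills every slot from the referred dictionary and fails closed when the declared count would leave one unset.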

AFFECTED SOFTWARE VERSION
JPEG2000/JBIG Decoder add-on version 2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3

SOLUTION
Foxit Reader users who have downloaded and used the JPEG2000/JBIG Decoder should go to "Check for Updates Now" in the Reader "Help" menu to update the add-on to the latest version 2.0.2009.303, or click here to download the latest version 2.0.2009.303.

SECURITY PROCESS
2009-02-27: Foxit received a report from Secunia;
2009-02-28: Foxit confirmed the issue;
2009-03-04: Foxit fixed the issue;
2009-03-04: Fix confirmed by Secunia;
2009-03-09: Foxit released fixed version 2.0.2009.303.

Ask Toolbar ToolbarSettings ActiveX Control Buffer Overflow
The ask.com toolbar that Foxit bundles is not the same version as the one reported on secunia.com, and it does not have the reported vulnerability.
Click here to check the related report on secunia.com.