Cyber security news for all

More

    Dangerous vulnerabilities have been found in the popular Foxit Reader

    Foxit Reader has released security updates for the Windows editions of its PDF tools. Programs are now available in the latest version. A number of vulnerabilities were removed, several of which would have enabled remote code execution under certain conditions.

    The error is in the java script function. It accepts strings from any source because it has no way to validate them. For example, an attacker could create a string and pass it to the function. To do this, the program sends a phishing email that looks as if it came from a legitimate website. The attacker then waits for the recipient to open the attachment, which is presented like an order confirmation. Using the function, it can then take control of the victim’s PC remotely.

    The attack starts when the target opens an email attachment that looks like confirmation of the purchase of a book. The document contains a hidden HTML file written in script that is executed when the document is saved and can cause the PC to crash.

    Do Not Open Every File Attachment

    The researchers who found the vulnerabilities therefore recommend all users not to open suspicious looking file attachments, to activate Safe Reading Mode and to deactivate Java script in the Foxit Reader settings. However, this limits the functionality of the program.

    With the update to version 9.7.2, the provider closes several security gaps. As can be seen from the manufacturer’s comments, these could potentially be exploited to run arbitrary code on the affected system. This can be done, for example, using JavaScript code or using watermarks and text fields. Users who have installed Foxit Reader should already be provided with version 9.7.2 using the built in update function.

    Recent Articles

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox

    [tdn_block_newsletter_subscribe input_placeholder="Email address" btn_text="Subscribe" tds_newsletter2-image="730" tds_newsletter2-image_bg_color="#c3ecff" tds_newsletter3-input_bar_display="" tds_newsletter4-image="731" tds_newsletter4-image_bg_color="#fffbcf" tds_newsletter4-btn_bg_color="#f3b700" tds_newsletter4-check_accent="#f3b700" tds_newsletter5-tdicon="tdc-font-fa tdc-font-fa-envelope-o" tds_newsletter5-btn_bg_color="#000000" tds_newsletter5-btn_bg_color_hover="#4db2ec" tds_newsletter5-check_accent="#000000" tds_newsletter6-input_bar_display="row" tds_newsletter6-btn_bg_color="#da1414" tds_newsletter6-check_accent="#da1414" tds_newsletter7-image="732" tds_newsletter7-btn_bg_color="#1c69ad" tds_newsletter7-check_accent="#1c69ad" tds_newsletter7-f_title_font_size="20" tds_newsletter7-f_title_font_line_height="28px" tds_newsletter8-input_bar_display="row" tds_newsletter8-btn_bg_color="#00649e" tds_newsletter8-btn_bg_color_hover="#21709e" tds_newsletter8-check_accent="#00649e" embedded_form_code="YWN0aW9uJTNEJTIybGlzdC1tYW5hZ2UuY29tJTJGc3Vic2NyaWJlJTIy" tds_newsletter="tds_newsletter1" tds_newsletter3-all_border_width="2" tds_newsletter3-all_border_color="#e6e6e6" tdc_css="eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjAiLCJib3JkZXItY29sb3IiOiIjZTZlNmU2IiwiZGlzcGxheSI6IiJ9fQ==" tds_newsletter1-btn_bg_color="#0d42a2" tds_newsletter1-f_btn_font_family="406" tds_newsletter1-f_btn_font_transform="uppercase" tds_newsletter1-f_btn_font_weight="800" tds_newsletter1-f_btn_font_spacing="1" tds_newsletter1-f_input_font_line_height="eyJhbGwiOiIzIiwicG9ydHJhaXQiOiIyLjYiLCJsYW5kc2NhcGUiOiIyLjgifQ==" tds_newsletter1-f_input_font_family="406" tds_newsletter1-f_input_font_size="eyJhbGwiOiIxMyIsImxhbmRzY2FwZSI6IjEyIiwicG9ydHJhaXQiOiIxMSIsInBob25lIjoiMTMifQ==" tds_newsletter1-input_bg_color="#fcfcfc" tds_newsletter1-input_border_size="0" tds_newsletter1-f_btn_font_size="eyJsYW5kc2NhcGUiOiIxMiIsInBvcnRyYWl0IjoiMTEiLCJhbGwiOiIxMyJ9" content_align_horizontal="content-horiz-center"]