
Foxit PDF Reader is well and truly foxed up, but vendor won't patch


6 replies to this topic

#1 JohnC_21


  • Members
  • 23,276 posts
  • Gender:Male

Posted 21 August 2017 - 08:25 AM

We've got Safe Mode and that's safe enough, vendor tells ~400m users

 

The Zero Day Initiative (ZDI) has gone public with a Foxit PDF Reader vulnerability without a fix, because the vendor resisted patching.

 

The ZDI made the decision last week that the two vulns, CVE-2017-10951 and CVE-2017-10952, warranted release so at least some of Foxit's 400 million users could protect themselves.

In both cases, the only chance at mitigation is to use the software's "Secure Mode" when opening files, something that users might skip in normal circumstances.

 

CVE-2017-10951 allows the app.launchURL method to execute a system call from a user-supplied string, with insufficient validation.

CVE-2017-10952 means the saveAs JavaScript function doesn't validate what the user supplies, letting an attacker write "arbitrary files into attacker controlled locations."

 

"Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by default to control the running of JavaScript, which can effectively guard against potential vulnerabilities from unauthorized JavaScript actions."

Foxit Software appears to be content to suggest users run its wares in Safe Mode, as its security advisories home page offers that advice for bugs identified in 2011.

Article
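As an added triage example (not from the article, the ZDI advisories or this post): a small Python scanner that flags PDFs carrying embedded JavaScript, auto-run triggers, and the two API names the advisories mention, app.launchURL and saveAs, inflating FlateDecode streams so that a call is not hidden by compression. The PDF it builds is a constructed test fixture, not a real-world sample.

```python
import re
import zlib

# JavaScript entry points named in CVE-2017-10951 (app.launchURL) and CVE-2017-10952 (saveAs).
RISKY_APIS = (b"app.launchURL", b"saveAs")
# One stream object: its dictionary, then the raw bytes between "stream" and "endstream".
STREAM_RE = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def build_sample_pdf(js: bytes) -> bytes:
    """Constructed test fixture (not a real-world file): a minimal PDF whose document-level
    /OpenAction runs `js` from a FlateDecode-compressed stream, as a real sample might."""
    body = zlib.compress(js)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            b"3 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n"
            b"4 0 obj << /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


def decoded_streams(pdf: bytes):
    """Yield the data of every stream object, inflating FlateDecode streams so that
    JavaScript hidden by compression is visible to the string checks below."""
    for dictionary, data in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # corrupt or multi-filter stream: fall back to scanning the raw bytes
        yield data


def scan_pdf(pdf: bytes) -> dict:
    """Triage a PDF: report JavaScript presence, auto-run triggers and risky API names."""
    findings = {
        "has_javascript": b"/JavaScript" in pdf or b"/JS" in pdf,
        "has_openaction": b"/OpenAction" in pdf,  # action run when the document is opened
        "has_aa": b"/AA" in pdf,                  # additional actions (page open, form events)
        "risky_apis": [],
    }
    chunks = [pdf] + list(decoded_streams(pdf))
    findings["risky_apis"] = sorted({api.decode() for api in RISKY_APIS
                                     if any(api in chunk for chunk in chunks)})
    return findings


if __name__ == "__main__":
    sample = build_sample_pdf(b'app.launchURL("https://example.invalid/"); this.saveAs("x.pdf");')
    print(scan_pdf(sample))
```

Real samples may hide the same calls in object streams, hex-encoded names or escaped strings, so a clean result from this string-level check is inconclusive rather than a clean bill of health. Files that do trip it are the ones where opening with JavaScript disabled (Foxit's Safe Reading Mode, or a viewer without JavaScript at all) matters most.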

 




 


#2 poulner


  • Members
  • 138 posts
  • Gender:Male
  • Location:Southern England

Posted 27 August 2017 - 05:23 AM

Apologies for interrupting. Does the Foxit Reader Forum fit into this situation somehow? Recently I tried to log on and found a notice blocking the page saying it had been suspended, and to contact the host for more info.



#3 JohnC_21

  • Topic Starter

  • Members
  • 23,276 posts
  • Gender:Male

Posted 28 August 2017 - 10:43 AM

No, the Forum is not related to the issue I posted.



#4 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 August 2017 - 08:58 AM

I stopped using Foxit Reader a long time ago because it became bloated and bundled other software. There are better alternatives... Note: Sumatra PDF's attack surface is much smaller than any other viewer because it doesn't support JavaScript.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 JohnnyJammer


  • Members
  • 1,117 posts
  • Gender:Male
  • Location:QLD Australia

Posted 31 August 2017 - 05:29 PM

I stopped using Foxit Reader a long time ago because it became bloated and bundled other software. There are better alternatives...

Note: Sumatra PDF's attack surface is much smaller than any other viewer because it doesn't support JavaScript.

 

Same, mate. It was a great PDF reader and print driver after Adobe stopped the print driver (Print to PDF) in ver 10.

Then it had toolbars, other crap, etc., and then I stopped.

 

Nitro PDF and PrimoPDF used to be good as well.



#6 poulner


  • Members
  • 138 posts
  • Gender:Male
  • Location:Southern England

Posted 01 September 2017 - 12:45 AM

Your comments are interesting and informative. I won't go into details, but quite recently I had to reinstall the reader. Now you're making me wonder if the continual invasion by PUPs and BHOs might be connected.



#7 poulner


  • Members
  • 138 posts
  • Gender:Male
  • Location:Southern England

Posted 01 September 2017 - 03:11 AM

Can you actually type, e.g. form fill, with any of the recommendations? On the first by @Bleepin' Janitor I could not see how. BTW, I saw that app has been replaced by a paid-for one.





