Jump to content


Photo

Foxit Reader advisories/updates


  • Please log in to reply
27 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 12 May 2008 - 09:58 AM

FYI...

- http://secunia.com/advisories/29934/
Last Update: 2008-05-07
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Partial Fix
Software: Foxit Reader 2.x
Solution: Update to version 2.3 Build 2825, which partially fixes the vulnerabilities.

- http://nvd.nist.gov/...e=CVE-2008-1942

:ph34r:

Edited by apluswebmaster, 12 May 2008 - 10:02 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 23 May 2008 - 12:57 PM

FYI...

Foxit Reader vuln - update available
- http://secunia.com/advisories/29941/
Release Date: 2008-05-20
Critical: Highly critical
Impact: System access
Where: From remote
...The vulnerability is confirmed in version 2.3 build 2825. Other versions may also be affected.Solution:
The vulnerability is fixed in upcoming version 2.3 build 2912.

- http://www.foxitsoft...down_reader.htm
Foxit Reader 2.3 for Windows
Last Updated: 2008-05-23
OS: 98/ME/2000/XP/2003/Vista
Version: 2.3 Build 2923

.
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 05 September 2008 - 07:27 AM

FYI...

Foxit Reader 2.3
- http://www.foxitsoft...down_reader.htm
Foxit Reader 2.3 for Windows
Last Updated: 2008-08-04
OS: ME/2000/XP/2003/Vista
Version: 2.3 Build 3201

Fixed in Foxit Reader 2.3 Build 3201
- http://www.foxitsoft...er_2/bugfix.htm

:!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 26 September 2008 - 01:31 AM

FYI...

Foxit Reader V2.3 Build 3309
- http://www.foxitsoft...p?announceid=58
Bug-fixed Release / September 17, 2008
...This version has fixed some major bugs of the early versions and provides some minor enhancements listed below:
. Compatibility issues with Foxit Reader and Adobe Reader after saving.
. Disappearing Toolbar after minimizing Foxit Reader to the system tray...
- http://www.foxitsoft...er_2/bugfix.htm

- http://www.foxitsoft....com/downloads/

:!:

Edited by apluswebmaster, 26 September 2008 - 01:31 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 07 November 2008 - 03:59 PM

If you were thinking of replacing your Adobe Reader with Foxit, -now- would be the time...

Adobe Reader v9... 33.5MB
- http://www.adobe.com/go/getreader
-OR-
- http://www.foxitsoft....com/downloads/
Latest version: Foxit Reader 2.3 (.exe) 2.3 Build 3309 - 2.57 MB - 10/14/08

:!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 21 November 2008 - 04:48 AM

FYI...

Foxit Reader v3.0 Build 1120 released
- http://www.foxitsoft...down_reader.htm
Foxit Reader 3.0 for Windows (Installer: .exe, 3.68 MB)
Last Updated: 2008-11-20
OS: ME/2000/XP/2003/Vista
Version: 3.0 Build 1120

What's new in 3.0
- http://www.foxitsoft.../whatsnew30.htm

Fixed in Foxit Reader 3.0 Build 1120
- http://www.foxitsoft...er_2/bugfix.htm
1. Cannot open PDF files embedded in MSWord.
2. Cannot open the links to PDF files in a PDF with IE.
3. The print command is inconsistent with the one specified in registry.
4. Cannot align typewriter annotations.
5. New popup notes will not be active, unless users click on it when they use the note tool to make annotations.
6. Users are still able to drag a callout when they click and drag a place which is nowhere in the area of the callout’s visible element, but in the rectangular region bound by those elements.
7. The mouse cursor while in highlight mode has just one shape, which stays the same whenever it is used to select row by row.
8. When the cursor is on the blank margin you cannot scroll page (while annotations is activated) by scrolling the mouse wheel.
9. Cannot open PDF files with extension .FDF.
10. Setting a new default author and subject for the Note Tool will not be recalled.
11. There are no property toolbars available to set colors and opacity...

:!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 26 December 2008 - 11:01 AM

FYI...

Foxit Reader v3.0 Build 1222 released
- http://www.foxitsoft...down_reader.htm
Foxit Reader 3.0 for Windows
Last Updated: 2008-12-25
OS: Windows 2000/XP/2003/Vista
Version: 3.0 Build 1222

- http://www.foxitsoft...er_2/bugfix.htm
Fixed in Foxit Reader 3.0 Build 1222
1. The annotations added by the typewriter tool will be rotated along with the page.
2. Popup "Mozilla Firefox is not installed." when users failed to install Firefox plug-in.
3. May take a long time to open a file in Windows Vista Home version.
4. This updated version allows users to delete the advertisements.
5. The Auto-Rotate feature may be unavailable when printing with Snapshot tool.
6. Go back to the default settings of the printer properties when users reopen the PDF files.
7. This updated version will choose to print documents in actual size mode or fit to paper mode based on the default settings in the print dialog box with Command lines.
8. Page numbers are printed in a disorderly way when printing multiple copies in double-side mode.
9. The slow launch speed when running Foxit Reader for the first time after the system startup.

:!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#8 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 01 January 2009 - 08:07 AM

FYI...

Foxit Reader 3.0 Build 1301 released
- http://www.foxitsoft...down_reader.htm
Last Updated: 2009-01-01
OS: Windows 2000/XP/2003/Vista
Version: 3.0 Build 1301

Fixed in Foxit Reader 3.0 Build 1301
- http://www.foxitsoft...er_2/bugfix.htm
A dead loop error appears when printing pages or a range of pages by entering 1, 3, 7-10, etc. in the Pages text box within the Print dialog box.
Symptoms: If you print pages or a range of pages by entering 1, 3, 7-10, etc. in the Pages text box within the Print dialog box with Foxit Reader 3.0 Build 1222, the printing doesn’t stop.

NOTES:
1. After installing this update, the FoxIt PDF reader plug-in with Firefox v3.0.5 no longer worked - hmmm - disabled the plugin, and it worked! Workaround: leave it disabled. YMMV. 'Appears someone got their 1's and 0's mixed up.
2. More issues with this build: If other add-on/plugins have been disabled, this plugin causes -other- plugins to re-enable themselves (?)...

:question: :!:

Edited by apluswebmaster, 05 January 2009 - 06:58 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#9 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 09 March 2009 - 07:06 AM

FYI...

Foxit Reader multiple vulns - update available
- http://secunia.com/advisories/34036/2/
Release Date: 2009-03-09
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader 2.x, Foxit Reader 3.x
...This vulnerability is confirmed in version 3.0.2009.1301 and reported in versions 2.3 and 3.0. Successful exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to version 3.0 Build 1506 or version 2.3 Build 3902 * ...
Original Advisory: Foxit Software: http://www.foxitsoft...er/security.htm
Release Date: Mar. 9, 2009
Stack-based Buffer Overflow in Foxit Reader 3.0
Security Authorization Bypass in Foxit Reader 2.3 and 3.0
JBIG2 Symbol Dictionary Processing in Foxit Reader 2.3 and 3.0...
2009-03-09: Foxit released fixed version 3.0 Build 1506...
Secunia Research: http://secunia.com/s...search/2009-11/
CVE reference: http://cve.mitre.org...e=CVE-2009-0191

* http://www.foxitsoft....com/downloads/
Last Updated: 2009-03-09
OS: Windows 2000/XP/2003/Vista

- http://web.nvd.nist....d=CVE-2009-0837

- http://web.nvd.nist....d=CVE-2009-0836

- http://web.nvd.nist....d=CVE-2009-0191

:ph34r:

Edited by apluswebmaster, 29 April 2009 - 08:11 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#10 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 23 June 2009 - 05:55 AM

FYI...

Foxit Reader vuln - update available
- http://secunia.com/advisories/35512/2/
Release Date: 2009-06-22
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader JPEG2000/JBIG Decoder Add-On 2.x
Solution: Update to version 2.0 Build 2009.616.
http://www.foxitsoft...r2.0.20096.html
Original Advisory: US-CERT VU#251793:
http://www.kb.cert.org/vuls/id/251793
"...This issue is addressed in Foxit Reader 3.0 Build 1817 ..."
Foxit Software:
http://www.foxitsoft...curity.htm#0602

- http://www.foxitsoft....com/downloads/
Foxit Reader 3.0 Build 1817(exe) 3.57MB 06/19/09
JPEG2000/JBIG Decoder 2.0 Build 2009.616(fzip) 169KB 06/19/09

- http://cve.mitre.org...e=CVE-2009-0690
- http://cve.mitre.org...e=CVE-2009-0691

-OR-
From an Admin account >Start Foxit Reader >Help >Check for Updates (select/add) ...Build 1817 ...Install

:ph34r:

Edited by apluswebmaster, 23 June 2009 - 06:26 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#11 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 03 September 2009 - 04:44 AM

FYI...

Foxit Reader v3.1.1.0901 released
- http://www.foxitsoft...ader/bugfix.htm
Fixed in Foxit Reader 3.1.1.0901
1. The reported issue of Foxit Reader 3.1.0.0824 crashing when users are viewing certain PDF files has been updated and is no longer a problem.
2. Fixed an issue where Foxit Reader may not be launched in the system without installing Microsoft Visual C++ 2005 Redistributable.

- http://www.foxitsoft...loads/index.php
Foxit Reader 3.1.1.0901(exe) - 5.05 MB - 09/03/09
-OR-
From an Admin account >Start Foxit Reader >Help >Check for Updates (select/add) ...FoxIt Reader 3.1.1.0901 Upgrade ...Install

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#12 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 20 October 2009 - 07:44 AM

FYI...

Foxit PDF Reader Firefox Plugin Memory Corruption vuln
- http://secunia.com/advisories/37049/2/
Release Date: 2009-10-15
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched * (?)
Software: Foxit Reader 3.x ...
Solution: Do not visit untrusted websites or follow untrusted links.
Disable the Foxit Reader plugin in Firefox.
Original Advisory: http://seclists.org/...re/2009/Oct/198
14 Oct 2009 - "It would appear that Foxit reader version 3.1.1.0928 is also vulnerable to this memory corruption flaw. Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug..."
Other References: SA36983: http://secunia.com/advisories/36983/2/

* http://www.foxitsoft...ader/bugfix.htm
Fixed in Foxit Reader 3.1.2.1013: Fix the memory leak issue where the memory usage will continuously grow while viewing PDF files with Foxit Reader.
- http://www.foxitsoft...loads/index.php
Foxit Reader 3.1.2.1013(exe) 5.06 MB - 10/13/09

:!:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#13 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 06 November 2009 - 06:03 AM

FYI...

Foxit Reader v3.1.3.1030 released
- http://www.foxitsoft...ader/bugfix.htm
11/5/09 - "Fixed in Foxit Reader 3.1.3.1030:
Fixed the issue in Foxit Reader 3.1.2.1013, where the text in PDF documents cannot be printed with specific printers."
(Update is also available through the "Check for Updates" function of the Foxit Reader.)

- http://secunia.com/advisories/37049/2/
Last Update: 2009-11-18
Solution: Update to version 3.1.3.1030 and install the latest Firefox Plugin via the internal update mechanism...

:ph34r:

Edited by apluswebmaster, 01 December 2009 - 06:23 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#14 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 27 November 2009 - 06:19 AM

FYI...

Foxit Reader v3.1.4 released
- http://www.foxitsoft...loads/index.php
11/26/09

Fixed in Foxit Reader 3.1.4
- http://www.foxitsoft...ader/bugfix.htm
1. Now supports opening files containing special Unicode characters in filenames.
2. Right-clicking the annotation with zoom tool will not popup annotation menu.
3. When using the Commenting Tools, the color indicator will reflect your color selection.
4. Now supports simultaneous viewing of multiple documents.
5. Fixed the issue where some files display slowly in the print preview window.
6. Fixed the issue where some pdf files cannot be opened in the correct positions.

11.30.2009 - Update is now available through the "Check for Updates" function of the Foxit Reader.

:!:

Edited by apluswebmaster, 01 December 2009 - 06:23 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#15 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 11 March 2010 - 05:29 AM

FYI...

Foxit Reader v3.2 released
- http://www.foxitsoft...loads/index.php
03/11/10

What’s New in Foxit Reader 3.2
- http://www.foxitsoft.../whatsnew32.htm

Fixed in Foxit Reader 3.2
- http://www.foxitsoft...ader/bugfix.htm
1. Better JavaScript support.
2. Fixed the crash issue when double clicking to open certain PDFs.
3. Fixed the issue where cannot correctly display the content copied from Text Viewer mode on popup dialog box.
4. Better support saving PDF as text.
5. Fixed the issue where pop multiple message boxes when clicking the bookmarks several times continuously.
6. Fixed the issues where some PDF documents cannot be associated with Foxit Reader.
7. Fixed the issue where space may disappear when copying text.
8. Fixed the crash issue when occasional use of arrow keys on keyboard to turn pages.
9. Fixed the issue where the text may not be highlighted.
10. Fixed the issue where the text string starting with a space cannot be searched.
11. Fixed the issue with vertical text selection and text highlight.

Update available through the "Check for Updates" function:
> Help > Check for Updates now > FoxIt Reader 3.2.0.0303 Upgrade

:!:

Edited by apluswebmaster, 30 March 2010 - 05:40 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#16 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 02 April 2010 - 04:21 AM

FYI...

Foxit Reader v3.2.1.0401 released
- http://www.foxitsoft...loads/index.php
04/01/10

Fixed in Foxit Reader 3.2.1.0401
- http://www.foxitsoft...ader/bugfix.htm
1. Fixed a security issue that Foxit Reader runs an executable embedded program inside a PDF automatically without asking for user’s permission.

- http://web.nvd.nist....d=CVE-2010-1239
Last revised: 04/06/2010
CVSS v2 Base Score: 9.3 (HIGH)

From an admin. account, update is available through the "Check for Updates" function:
> Help > Check for Updates now > FoxIt Reader 3.2.1.0401 Upgrade

RE: http://isc.sans.org/...ml?storyid=8545
Last Updated: 2010-03-31 19:04:25 UTC
...and: http://www.f-secure....s/00001923.html
March 31, 2010

- http://www.kb.cert.org/vuls/id/570177
2010-04-02 - "... issue is addressed in Foxit Reader 3.2.1.0401..."

- http://secunia.com/advisories/39291/
Release Date: 2010-04-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader 3.x
Solution: Update to version 3.2.1.0401.

- http://www.h-online....ole-970102.html
5 April 2010

:ph34r:

Edited by apluswebmaster, 13 April 2010 - 07:42 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#17 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 04 May 2010 - 10:00 PM

FYI...

FoxIt Reader v3.3.0.0430 released
- http://www.foxitsoft...loads/index.php
05/04/10

What’s New in Foxit Reader 3.3
- http://www.foxitsoft.../reader3.3.html
New features:
* Secure Trust Manager - The new Secure Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF actions, and JavaScript functions; efficiently avoiding the attack from malicious contents and viruses.
* Improved Ask Search Button Setting - Enables users to show or hide the Ask Search Button in the Preferences menu.
* Many Bug Fixes - Fixes some bugs from previous versions including an issue where Ask Toolbar may be installed by default.
- http://forums.foxits...ead.php?t=18365
May 4, 2010 - "... The new Trust Manager allows users to select a safe mode operation, once selected; no external commands will be executed by the Foxit Reader. The Trust Manager feature is easy-to-use and can be selected or deselected within the reader at the discretion of the reader.
A second feature within the new reader is an improved Foxit toolbar installation menu. In version 3.2, a number of Reader users reported that the Foxit toolbar was being installed without being notified. Foxit acknowledges this error and has resolved the issue in this new release..."

- http://www.foxitsoft...ader/bugfix.htm
Fixed in Foxit Reader 3.3: Fixes some bugs from previous versions including an issue where Ask Toolbar may be installed by default.

Update available through the "Check for Updates" function:
From an admin. account > Help > Check for Updates now > FoxIt Reader 3.3.0.0430 Upgrade

- http://www.zdnet.com...ng-feature/6376
May 7, 2010
- http://i.zdnet.com/b...f_in_action.png

:ph34r:

Edited by apluswebmaster, 31 May 2010 - 03:32 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#18 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 21 May 2010 - 05:02 PM

FYI...

Foxit Reader v3.3.1.0518 released
- http://www.foxitsoft...loads/index.php
May 20, 2010

What's New...
- http://www.foxitsoft...whatsnew331.htm
"... A pop-up dialog contains an area which is reserved for a message that is generated by the rendered PDF. Due to Foxit's concern that this message may mislead users to take an unadvisable action, Foxit Reader will no longer display the content of the message and removes any parameters within the Pop-up message that can be manipulated by the PDF."

Bug Fix List
- http://www.foxitsoft...ader/bugfix.htm

Update available through the "Check for Updates" function:
From an admin. account > Help > Check for Updates now > FoxIt Reader 3.3.1.0518 Upgrade

:ph34r:

Edited by apluswebmaster, 22 May 2010 - 06:47 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#19 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 02 July 2010 - 06:57 AM

FYI...

Foxit Reader v4.0 released
- http://www.foxitsoft...loads/index.php
06/29/10

- http://www.foxitsoft...ader/bugfix.php

- http://www.foxitsoft...er/security.php
"... Foxit Reader 4.0 security options include, Security Warning Dialog, Trust Manager (Safe Mode), and in extreme situations the ability to Disable JavaScript completely..."

- http://www.foxitsoft...es_benefits.php

Update now available through the "Check for Updates" function:
From an admin. account > Help > Check for Updates now > FoxIt Reader 4.0.0.0619 Upgrade
07.02.2010

:!:

Edited by apluswebmaster, 02 July 2010 - 07:04 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#20 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 05 August 2010 - 07:00 AM

FYI...

Foxit Reader v4.1.0.0726 released
- http://www.foxitsoft...loads/index.php
08/03/10 - Foxit Reader 4.1 (exe)

- http://www.brotherso...load-61389.html

- http://www.foxitsoft...ader/bugfix.php
Fixed in Foxit Reader 4.1
• Fixed the crash issue when opening certain PDFs.
• Optimized the reading engine and fixed the issue where the scrolling becomes very slowly when reading large PDFs.
• Users will not be prompted to set default PDF reader when either or both Phantom and Foxit Reader is installed.
• PDF icons are reverted to other Reader's PDF icons when Phantom/Foxit Reader is uninstalled, if those exist.
• Fixed the issue where the system sets Foxit Reader as the default PDF viewer without user permission when Foxit Reader launches...

Update now available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.1.0.0726 Upgrade
8.4.2010

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#21 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 06 August 2010 - 09:17 AM

FYI...

Foxit Reader v4.1.1.0805 available
- http://www.foxitsoft...2010861227.html
Fixed in Foxit Reader 4.1.1
• Foxit Reader 4.1.1.0805 addresses vulnerability associated with the rendering of the PDF's embedded in the new iPhone/iPad jailbreak program.
CVE-2010-1797: http://www.f-secure....s/00002004.html
August 6, 2010

Direct download - latest version
- http://www.foxitsoft...der.php?tag=exe

Update now available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.1.1.0805 Upgrade
8.6.2010

- http://www.foxitsoft...y_bulletins.php

- http://securitytrack...ug/1024294.html
Aug 6 2010

- http://www.us-cert.g..._foxit_reader_4

:ph34r:

Edited by apluswebmaster, 09 August 2010 - 04:01 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#22 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 29 September 2010 - 08:04 AM

FYI...

FoxIt Reader v4.2.0.0928 released
- http://www.foxitsoft...loads/index.php
09/29/10

- http://www.foxitsoft...ns.php#identity
"... Fixed identity theft issue caused by the security flaw of the digital signature..."

- http://www.foxitsoft...ader/bugfix.php
• Fixed the issue where Foxit Reader crashes if the headline of the PDF content exceeds 512 bytes.
• Fixed the issue where the "delete" option in the right-click popup menu is unavailable when right-clicking the link created by the link tool.
• Fixed the issue where Foxit Reader will pop up two tabs when opening a same PDF file which is targeted by two links, one is created with relative path and the other one is with absolute path.

Update now available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.2.0.0928 Upgrade
9.29.2010

- http://secunia.com/advisories/41656/
Release Date: 2010-10-06
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 4.2.0.0928, which also provides a security enhancement to the handling of PDF signatures.

- http://www.foxitsoft...mpany/press.htm
"... 70 million users worldwide..."

:ph34r:

Edited by AplusWebMaster, 27 November 2010 - 10:36 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#23 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 27 November 2010 - 09:52 AM

FYI...

FoxIt Reader v4.3.0.1110 released
- http://www.foxitsoft...loads/index.php
11/16/10

- http://www.foxitsoft...ader/bugfix.php
• Fixed an issue where Foxit Reader crashes when scrolling back after the user scrolls down to view the last page (actual image) of a PDF file.
• Fixed a crash issue when opening certain PDFs.

Update available through the "Check for Updates" function: From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.3.0.1110 Upgrade

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#24 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 24 February 2011 - 09:41 PM

FYI...

FoxIt Reader v4.3.1.0218 released
- http://www.foxitsoft...loads/index.php
02/24/11
- http://www.foxitsoft...tins.php#memory
• Fixed an unexpected termination of the Foxit Reader software that is caused by illegal accessing memory when opening some special PDF documents.

Update available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.3.1.0218 Upgrade
___

- http://secunia.com/advisories/43329/
Release Date: 2011-02-25
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader 4.x
CVE Reference: CVE-2011-0332
... The vulnerability is confirmed in version 4.3.1.0118. Other versions may also be affected.
Solution: Update to version 4.3.1.0218.

- http://www.securityt....com/id/1025129
Feb 25 2011

- http://web.nvd.nist....d=CVE-2011-0332
Last revised: 02/28/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... before 4.3.1.0218..."

:ph34r:

Edited by AplusWebMaster, 14 March 2011 - 01:44 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#25 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 15 March 2011 - 06:44 PM

FYI...

Foxit Reader vuln - workaround
- http://secunia.com/advisories/43776/
Release Date: 2011-03-15
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Solution: Ensure that "Safe Reading Mode" is enabled.

Foxit Phantom vuln - unpatched
- http://secunia.com/advisories/43625/
Release Date: 2011-03-15
Criticality level: Highly critical
Solution Status: Unpatched
... vulnerability is confirmed in version 2.2.4.0225. Other versions may also be affected.
Solution: Do not open PDF files from untrusted sources.

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#26 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 10 June 2011 - 05:23 AM

FYI...

Foxit Reader v5.0.1.0523 released
- http://www.foxitsoft....com/downloads/
05/26/11

Update available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 5.0.1.0523 Upgrade

[NOTE: Despite attempts (de-selections) during the install/upgrade -not- to install the "Ask Toolbar", it gets installed anyway. If it you don't want it, it -must- be uninstalled/removed via the Add/Remove Programs in the Control Panel after the Foxit Reader update/upgrade is installed.]

- http://www.foxitsoft...etins.php#files
"... unexpected termination issue of Foxit Reader when opening some affected files, which is fixed in Reader 5.0. This issue is caused by the memory corruption which could be exploited by viruses to attach or execute malicious code.
Affected Versions: Foxit Reader 4.3.1.0218 and earlier.
Fixed in Version: Foxit Reader 5.0..."
___

- http://web.nvd.nist....d=CVE-2011-1908
Last revised: 06/27/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... Foxit Reader before 4.0.0.0619..."

.

Edited by AplusWebMaster, 06 July 2011 - 10:16 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#27 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 22 July 2011 - 05:28 AM

FYI...

Foxit Reader v5.0.2.0718 released
- http://www.foxitsoft...wnloads/#reader
07/21/11

- http://www.foxitsoft...ins.php#certain

- http://www.foxitsoft...s.php#execution

Fixed in Foxit Reader 5.0.2.0718
- http://www.foxitsoft...der/bugfix.php#
• Fixed a security issue of arbitrary code execution when opening certain PDF files.
• Fixed an unexpected termination issue of Foxit Reader when opening certain PDF files in a web browser.
• Fixed an issue where the page content cannot be displayed when opening certain PDF files in a web browser.
• Fixed an issue where the desktop icons would be rearranged automatically when creating the desktop icon of Foxit Reader 5.0 during installation on Windows XP.
• Fixed an issue where the file name would be a messy code or its extension would be missed when emailing certain PDF files from a web browser.
• Recovered the Print Scale function which was available in pre 5.0 versions...
___

Foxit Reader ActiveX Control Buffer Overflow and Insecure Library Loading vuln
- http://secunia.com/advisories/44947/
Last Update: 2011-07-22
Criticality level: Highly critical
Impact: System access
Where: From remote...
... vulnerabilities are confirmed in version 5.0.1.0523. Other versions may also be affected.
Solution: Update to version 5.0.2.0718.

- http://www.securityt....com/id/1025819
Jul 21 2011
- http://www.securityt....com/id/1025820
Jul 22 2011
________

Direct download
- http://www.foxitsoft...wnloads/#reader

- http://forums.foxits...l-not-available
FoxIt Reader online update v5.0.2.0718 still not available ?
___

... alternative PDF reader:
Sumatra PDF reader for Windows
- http://blog.kowalczy...pdf-reader.html
Sumatra PDF is a free PDF, XPS, DjVu, CBZ and CBR reader for Windows...
- http://blog.kowalczy...pdf-viewer.html
>>> Download Installer: SumatraPDF-1.7-install.exe
Supported OS: Windows 7, Vista, XP.

Version history
- http://blog.kowalczy...rapdf/news.html
Current version: 1.7 (2011-07-18)
Changes in this release:
• favorites
• improved support for right-to-left languages e.g. Arabic
• logical page numbers are displayed and used, if a document provides them...
• allow to restrict SumatraPDF's features with more granularity...
• -named-dest also matches strings in table of contents
• improved support for EPS files (requires Ghostscript)
• more robust installer
• many minor improvements and bugfixes

:question: :ph34r: :!:

Edited by AplusWebMaster, 24 July 2011 - 04:39 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#28 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 22 August 2017 - 05:45 PM

FYI...

Foxit Reader
- http://www.securityt....com/id/1039212
CVE Reference: CVE-2017-10952
Aug 22 2017
Vendor Confirmed:  Yes ...
The vendor was notified on June 22, 2017.
The original advisory is available at:
> http://www.zerodayin...ies/ZDI-17-692/
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor reportedly does not plan to issue a fix and indicates that 'Secure Mode' (default settings) mitigates this vulnerability...

- http://www.securityt....com/id/1039213
CVE Reference: CVE-2017-10951
Aug 22 2017
Vendor Confirmed:  Yes ...
The vendor was notified on May 18, 2017.
The original advisory is available at:
> http://www.zerodayin...ies/ZDI-17-691/
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor reportedly does not plan to issue a fix and indicates that 'Secure Mode' (default settings) mitigates this vulnerability...

Zero Day Vulnerabilities (CVE-2017-10951; CVE-2017-10952) with Foxit Reader and PhantomPDF
> https://www.foxitsof...y-bulletins.php
Aug 22 2017 - "... How we plan to solve this problem — add an additional guard in PhantomPDF/Reader code where when opening a PDF document contains these powerful ( and thus potentially insecure) JavaScript functions, the software will check if the document is digitally signed by a verifiable/trustworthy person of entity. Only certified documents can run these powerful JS functions even when “Safe Reading Mode” is turned off.
... When is the fix going to be ready — we plan to release a Reader/PhantomPDF 8.3.2 patch update this week (ETA Aug 25th) with additional guard against misuse of powerful (potentially insecure) JavaScript functions — this will make Foxit software equivalent to what Adobe does..."
___

Security updates available in Foxit Reader 8.3.2 and Foxit PhantomPDF 8.3.2
- https://www.foxitsof...y-bulletins.php
Aug 26, 2017

Downloads: https://www.foxitsof...s/#Foxit-Reader
 

:ninja:


Edited by AplusWebMaster, 26 August 2017 - 07:59 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.




Member of UNITE
Support SpywareInfo Forum - click the button