Andrea Micalizzi has reported a vulnerability in Foxit Reader and Foxit PhantomPDF, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Foxit plugin for browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via e.g. an overly long file name in the URL.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Foxit Reader version 22.214.171.1248 (npFoxitReaderPlugin.dll version 126.96.36.1990) and reported in Foxit PhantomPDF version 5.4.2. Prior versions may also be affected.
Solution: Update to Foxit Reader version 5.4.5 (npFoxitReaderPlugin.dll version 188.8.131.52) and Foxit PhantomPDF version 5.4.3.
Provided and/or discovered by: Andrea Micalizzi (rgod)
Original Advisory: Foxit:
Andrea Micalizzi (rgod):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Score: 0 Posts: 3 User Since: 18th Jun 2010 System Score: N/A Location: UK Last edited on 16th Jan, 2013 13:33
Foxit has published a patch on the 14th. See http://www.foxitsoftware.com/support/security_bull... When I was viewing a PDF in the stand-alone version, Foxit offered the update to me, and installed the browser plugin, apparently without changing the standaloone mother program.
Score: 7 Posts: 51 User Since: 4th Feb 2011 System Score: N/A Location: DE
(unknown source) Foxit has published a patch on the 14th. See http://www.foxitsoftware.com/support/security_bull... When I was viewing a PDF in the stand-alone version, Foxit offered the update to me, and installed the browser plugin, apparently without changing the standaloone mother program.
I can't find this in the provided link. I only read that FOXIT Advanced PDF Editor 184.108.40.206 is fixed.