Foxit Reader - PDF viewer

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
User avatar
SYSTEM
Posts: 1772
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Foxit Reader - PDF viewer

#46 Post by SYSTEM » Wed Aug 23, 2017 9:13 pm

webfork wrote:
SYSTEM wrote:Two security vulnerabilities have been found in Foxit Reader, and Foxit Software has refused to fix them.
Where did you get that they're refusing to fix them?
Direct quote from the security advisories I linked:
07/20/17 - The vendor indicated this will not be fixed because this can be mitigated by Secure Mode
And for the record, Secure Mode is enabled by default, which means that Foxit users are safe unless they disable it.

----
webfork wrote: Also, I am so very sick of PDF exploits. Why on earth is this still an issue? I *almost* get that some office Macros could cause problems but PDF? How is this a thing?
The main reason is that PDF simply contains way too many features. Both exploits here utilize JavaScript, which is very rarely needed, but a goldmine for exploits. Also, here's a beautiful quote from the hacking journal PoC||GTFO, issue 0x12, page 24:
Krzysztof Kotowicz and G´abor Moln´ar wrote: At this point, you might wonder why Adobe implemented rendering embedded Flash movies in a 3D scene in a PDF file displayed in a browser.
My YouTube channel | Release date of my 11th playlist: January 26, 2018

User avatar
webfork
Posts: 7792
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Foxit Reader - PDF viewer

#47 Post by webfork » Thu Aug 24, 2017 5:37 pm

SYSTEM wrote:The vendor indicated this will not be fixed because this can be mitigated by Secure Mode
Sorry, should have looked more closely.
SYSTEM wrote:And for the record, Secure Mode is enabled by default, which means that Foxit users are safe unless they disable it.
Weird.
SYSTEM wrote:At this point, you might wonder why Adobe implemented rendering embedded Flash movies in a 3D scene in a PDF file displayed in a browser.
lol ... nice
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

Post Reply