It is currently Thu Sep 21, 2017 11:27 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 47 posts ]  Go to page Previous  1, 2, 3, 4
Author Message
 Post subject: Re: Foxit Reader - PDF viewer
PostPosted: Wed Aug 23, 2017 9:13 pm 
Offline
User avatar

Joined: Sat Jul 31, 2010 1:19 am
Posts: 1698
Location: Helsinki, Finland
webfork wrote:
SYSTEM wrote:
Two security vulnerabilities have been found in Foxit Reader, and Foxit Software has refused to fix them.

Where did you get that they're refusing to fix them?


Direct quote from the security advisories I linked:

Quote:
07/20/17 - The vendor indicated this will not be fixed because this can be mitigated by Secure Mode


And for the record, Secure Mode is enabled by default, which means that Foxit users are safe unless they disable it.

----

webfork wrote:
Also, I am so very sick of PDF exploits. Why on earth is this still an issue? I *almost* get that some office Macros could cause problems but PDF? How is this a thing?


The main reason is that PDF simply contains way too many features. Both exploits here utilize JavaScript, which is very rarely needed, but a goldmine for exploits. Also, here's a beautiful quote from the hacking journal PoC||GTFO, issue 0x12, page 24:

Krzysztof Kotowicz and G´abor Moln´ar wrote:
At this point, you might wonder why Adobe implemented rendering embedded Flash movies in a 3D scene in a PDF file displayed in a browser.

_________________
My YouTube channel | Release date of my tenth playlist: January 16, 2017


Top
 Profile  
 
 Post subject: Re: Foxit Reader - PDF viewer
PostPosted: Thu Aug 24, 2017 5:37 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7216
Location: US, Texas
SYSTEM wrote:
The vendor indicated this will not be fixed because this can be mitigated by Secure Mode

Sorry, should have looked more closely.

SYSTEM wrote:
And for the record, Secure Mode is enabled by default, which means that Foxit users are safe unless they disable it.

Weird.

SYSTEM wrote:
At this point, you might wonder why Adobe implemented rendering embedded Flash movies in a 3D scene in a PDF file displayed in a browser.

lol ... nice

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 47 posts ]  Go to page Previous  1, 2, 3, 4

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 14 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group