==================================================================== CERT-Renater Note d'Information No. 2012/VULN383 ____________________________________________________________________ DATE : 26/09/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Foxit Reader versions prior to 5.4.3. ====================================================================== http://www.foxitsoftware.com/Secure_PDF_Reader/security_bulletins.php#insecure ______________________________________________________________________ Fixed a security issue where the insecure application loading libraries could be exploited to attack the application. SUMMARY Foxit Reader 5.4.3 fixed a security issue where the application loading libraries in an insecure manner could be exploited to execute arbitrary code to attack the application. An insecure .dll file may be placed in the execution directory or current directory and to create a PDF to cause an error. Affected Versions Foxit Reader 5.4.2.0901 and earlier. Fixed in Version Foxit Reader 5.4.3 SOLUTION Please do one of the followings: Please go to "Check for Updates Now" from Reader "Help" menu to update to the latest version of 5.4.3 Click here to download the updated version now. SECURITY PROCESS 2012-9-10: Dmitriy Pletnev of Secunia Research found the issue; 2012-9-11: Core Security Technologies confirmed the issue; 2012-9-25: Foxit fixed the issue; 2012-9-26: Foxit released fixed version of Foxit Reader 5.4.3. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================