Foxit Reader Firefox Plugin Big Security Vulnerability

OK, now this is BIG. Everyone’s favorite Adobe’s Acrobat Reader substitute, Foxit Reader, mind you, has an enormous hole. It is a security flaw, not yet patched, that does the basic: allows someone to take control of your machine remotely. I myself found this exploit, while doing an update and installing the Firefox plugin. Then, my Avira Antivir detected a trojan. At first, I thought that it was a false positive, but it turned out to be a real threat. It may allow hackers to harvest passwords and bank/credit card data. The complete explanation of that exploit:

Foxit Reader Firefox Plugin Memory Corruption Vulnerability
Secunia Advisory: SA37049 – Highly critical

Description:
A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to potentially compromise a user’s system.

The vulnerability is caused due to an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll). This can be exploited to trigger a memory corruption by tricking a user into visiting a specially crafted web page which repeatedly loads and unloads the plugin.

Successful exploitation may allow execution of arbitrary code.

This is related to vulnerability #12 in: SA36983

The vulnerability is confirmed with Foxit Reader version 3.1.2.1013 and Mozilla Firefox 3.5.3. Other versions may also be affected.

Solution:
Do not visit untrusted websites or follow untrusted links.
Disable the Foxit Reader plugin in Firefox.

Provided and/or discovered by:
Originally discovered in Adobe Reader by SkyLined.
Reported in Foxit Reader by MrX.

http://secunia.com/advisories/37049/

This affects the latest version update of Foxit Reader – Firefox Plugin
The source is the trusted Secunia website. So, I recommend that you do one of the following: don’t install the Firefox plugin; use another PDF reader, like the PDF X-CHANGE VIEWER.
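
One way to check whether the plugin DLL named in the advisory is present on a machine, before and after disabling or removing it. This is an added example, not code from the original post or from Secunia; the directories to search are supplied by the operator, and the function names are hypothetical.

```python
import hashlib
import os
import sys

# File name taken from the advisory text above.
PLUGIN_DLL = "npFoxitReaderPlugin.dll"


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so it is never loaded whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_plugin(roots, name=PLUGIN_DLL):
    """Return (hits, errors) for every copy of `name` under `roots`."""
    hits, errors = [], []
    wanted = name.lower()  # Windows file names are case-insensitive
    for root in roots:
        if not os.path.isdir(root):
            errors.append((root, "not a directory"))
            continue
        # Record unreadable directories instead of aborting the sweep.
        walker = os.walk(root, onerror=lambda e: errors.append((e.filename, e.strerror)))
        for dirpath, _dirs, files in walker:
            for fname in files:
                if fname.lower() != wanted:
                    continue
                full = os.path.join(dirpath, fname)
                try:
                    hits.append({"path": full, "size": os.path.getsize(full), "sha256": sha256_of(full)})
                except OSError as exc:
                    errors.append((full, exc.strerror))
    return hits, errors


if __name__ == "__main__":
    found, problems = find_plugin(sys.argv[1:])  # roots come from the operator
    for hit in found:
        print("PRESENT  {path}  {size} bytes  sha256={sha256}".format(**hit))
    for where, why in problems:
        print("SKIPPED  {}  ({})".format(where, why), file=sys.stderr)
    sys.exit(1 if found else 0)
```

The script exits with status 1 when at least one copy is found, so it can be used as a pass/fail check across several machines.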

Hope it is useful, and until the next!

Posted in Security.


3 Responses

  1. belkevich8 says

    I want to quote your post in my blog. It can?
    And you et an account on Twitter?

    • reverendo says

      Sure! Feel free to quote any of the contents of my blog. Sorry for the wait.
