
March 25th, 2009

Foxit PDF Reader being exploited in the wild

Posted by Ryan Naraine @ 8:53 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Software, Malware, Exploit, Foxit, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine

Adobe isn’t the only PDF software maker facing in-the-wild malware attacks.

Just weeks after the availability of patches for critical security flaws in the popular Foxit Reader, there is word that malicious hackers are already targeting unpatched versions of the software.

According to Symantec’s Sean Hittel:

  • On March 20, our honeypots began detecting exploits for the Foxit PDF reader. Although it is not clear if this specific attacker intentionally wanted to target users of the Foxit Reader who had installed and not updated their software, or if the exploit was simply added to the attack toolkit when it became public, users should nonetheless review their installations to ensure that they are not vulnerable to this attack. Foxit has fixed all known security vulnerabilities, and you can review their security bulletins here.

[ SEE: Secunia finds 'highly critical' Foxit Reader Flaw ]

Hittel said the Foxit exploits target these known vulnerabilities and have been fitted into an exploit toolkit that serves a variety of software exploits.

As always, if you have Foxit Reader installed on your machine, upgrade to Foxit 3.0 immediately.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



Talkback (most recent of 4):
My own reasoning on this is:
All software has vulnerabilities, and those weaknesses will be exploited if the software is popular.

For me, I'll still prefer Foxit to Adobe's own reader just because of all the effort require...
Posted by: D. W. Bierbaum | Posted on: 03/27/09