Foxit PDF Reader beats Adobe to the patch.

The currently actively exploited PDF reader vulnerability that was reported over on the Malware Blog in February, has been causing some serious concerns for users.


Exploitation of the vulnerability, through deliberately malformed PDF documents, results in malicious files being dropped on the victim machine, including the Trojan TROJ_PIDIEF.IN.


The exploit was also unwittingly given a helping hand by Windows Explorer Shell Extensions, allowing the malicious code to be triggered even without the user opening the bad PDF, (a proof of concept was posted by Didier Stevens here).


Despite the security advice  issued by US-CERT, the absence of a patch for the world’s most popular PDF software (Adobe Acrobat Reader) and the ubiquitousness of the vulnerability across applications and platforms from many vendors, meant that the best advice to date has simply been to use extreme caution in opening PDF files from unknown sources, or when clicking on links to PDFs in your internet browser.


Why do I bring this relatively old news up now? Well it looks like the good folk over at Foxit Software have beaten Adobe to the punch with a patch to remedy this vulnerability in thier own Foxit Reader. The patch for version 9 of Adobe Acrobat Reader is still anticipated on March 11th, with patches for versions 7 & 8 due one week later.


UPDATE: Adobe have released their Acrobat Reader patch a day ahead of schedule, available here.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.