Description:Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 2.3 build 2825. Other versions may also be affected.
Solution:
The vulnerability is fixed in upcoming version 2.3 build 2912.
Provided and/or discovered by:
Dyon Balding, Secunia Research.
Fixed with its built in updater to version 2.3 build 2923