![]() ![]() Ironically, the first example of such a plugin for Netscape was written at…Adobe Systems. → The np at the start of the filename stands for “Netscape Plugin”, a plugin architecture that originated in the heady days of Netscape Navigator. That’s not good.įoxit openly promotes its PDF reader as a secure platform that “ insures worry free operation against malicious virus ”, which may sound like a bold statement in the face of Micalizzi’s bug.īut there is still literal truth in Foxit’s claim: the bug is not in the PDF reader itself, but in the npFoxitReaderPlugin.dll file that acts as the glue between the browser and the reader. ![]() The crash, which is a side-effect of a stack overflow, pretty much lets you write to a memory location of your choice. (I used Firefox 18.0 with Foxit Plugin 2.2.1.530 on Windows XP3.) Micalizzi hasn’t actually produced a proof-of-concept exploit, but I was able to reproduce his result at will. Here’s an example: Italian security researcher Andrea Micalizzi has recently sought, and found, a possibly-exploitable vulnerability in the latest Foxit PDF plugin for Firefox. You can therefore expect other vendors of PDF software to start feeling some of the heat that would probably have been aimed entirely at Adobe in years gone by. That’s because Adobe’s PDF reader has long been the most prevalent product in the marketplace, and the most heavily targeted by attackers and researchers.īut there are plenty of challengers in the PDF software market, and it’s important to remember that just “being different” is not enough to deliver security on its own.Īlso, since Adobe released Reader X, with its security-oriented sandbox, crooks and researchers alike have found Adobe’s PDF nut much harder to crack. When you think of PDF vulnerabilities and exploits, the first word that comes to mind is probably Adobe.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |