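Re: [Info] PDF vulnerability threat on the rise
Both Foxit Reader 2.3 and Foxit Reader 3.0 have updates!
The latest Foxit Reader 3.0 is 3.0 Build 1506. (Odd that they didn't bump it to 3.1.)
The latest Foxit Reader 2.3 is 2.3 Build 3902. (Odd that they didn't bump it to 2.4.)
The JPEG2000/JBIG Decoder (fzip) has been updated too!
I skimmed the release notes: both 2.3 and 3.0 were updated to the latest version on
March 9, 2009, and one of the reasons was to fix security issues.
Download: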
http://www.foxitsoftware.com/downloads/
PS: Foxit also has JavaScript; remember to go to Edit->Preference--> JavaScript
and uncheck the JavaScript feature.
--
English release notes for the Foxit Reader 3.0 Build 1506 update:
What's New in Foxit Reader 3.0 Build 1506
Vulnerabilities Fixed:
1. Fixed the issue of stack-based buffer overflow.
Foxit PDF files include actions associated with different triggers. If an
action (Open/Execute a file, Open a web link, etc.) is defined in the PDF
files with an overly long filename argument and the trigger condition is
satisfied, it will cause a stack-based buffer overflow.
2. Fixed the issue of security authorization bypass.
If an action (Open/Execute a file, Open a web link, etc.) is defined in
the PDF files and the trigger condition is satisfied, Foxit Reader will do
the action defined by the creator of the PDF file without popping up a dialog
box to confirm.
3. Fixed the issue of JBIG2 Symbol Dictionary Processing
While decoding a JBIG2 symbol dictionary segment, an array of 32-bit
elements is allocated having a size equal to the number of exported symbols,
but left uninitialised if the number of new symbols is zero. The array is
later accessed and values from uninitialised memory are used as pointers when
reading memory and performing calls.
※ Edited: ilanese, from: 61.216.240.119 (03/11 13:35)
Push (upvote), 03/11 17:29, 1F
Push (upvote), 03/21 01:36, 2F
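The JBIG2 item in the release notes above, as an added example that is not part of the original post and is not Foxit's code: a simplified model of the export-array step with the two defences that close the described flaw (zero-filled allocation, and rejecting an export count the segment cannot satisfy). The types and function names are hypothetical, and the model assumes exported symbols come only from the segment's new symbols, which real JBIG2 does not require.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified decoded symbol; constructed for this example. */
typedef struct { uint32_t width, height; } symbol_t;

typedef struct {
    uint32_t   n_exported;
    symbol_t **exported;   /* one pointer slot per exported symbol */
} symdict_t;

/* Build the export array from n_new freshly decoded symbols.
 * The flawed pattern in the release notes is: malloc(n_exported slots),
 * then fill them only inside the "new symbols" loop, so n_new == 0
 * leaves every slot holding stale heap data.
 * Returns 0 on success, -1 on a malformed segment or allocation failure. */
int symdict_build(symdict_t *d, uint32_t n_exported,
                  symbol_t **new_syms, uint32_t n_new)
{
    d->n_exported = 0;
    d->exported = NULL;
    /* Assumption of this model: exports are drawn from new symbols only,
     * so a segment cannot export more than it decoded. This rejects
     * n_new == 0 with n_exported > 0 before anything is allocated. */
    if (n_exported > n_new)
        return -1;
    if (n_exported == 0)
        return 0;
    /* calloc zero-fills the slots and checks the count * size product. */
    d->exported = calloc(n_exported, sizeof *d->exported);
    if (d->exported == NULL)
        return -1;
    for (uint32_t i = 0; i < n_exported; i++)
        d->exported[i] = new_syms[i];
    d->n_exported = n_exported;
    return 0;
}

/* Consumer side: bounds-check the index and NULL-check the slot before
 * treating its contents as a pointer. */
int symdict_width(const symdict_t *d, uint32_t idx, uint32_t *out)
{
    if (d->exported == NULL || idx >= d->n_exported ||
        d->exported[idx] == NULL)
        return -1;
    *out = d->exported[idx]->width;
    return 0;
}
```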