Original URL: http://www.theregister.co.uk/2013/01/22/foxit_patches_pdf_peril/
Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin
Buffer-boundary bashing bug blatted
Posted in Cloud, 22nd January 2013 10:32 GMT
Foxit Software has fixed a critical security hole in its PDF plugin for web browsers.
A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw [1] is present in versions 5.4.4 and earlier of the software.
Users of the PDF-viewing plugin are advised to update to version 5.4.5 as explained in an advisory by Foxit [2]. The company credits Danish security notification firm Secunia and Core Security Technologies for finding and confirming the issue in the Firefox build of the software, respectively. ®
