Foxit PDF Reader gets Safe Mode

Posted by

Last Month researcher Didier Stevens showed a proof,  that hackers can Exploit PDF Files Without any Vulnerabilities, just  by using a builtin (“/launch”) feature in the PDF specification, this was considered as the biggest and most dangerous hole. Later Foxit released PDF Reader v3.2.1 a security update to fix that issue.

Now the latest version Foxit PDF Reader 3.3 got a new security featureSafe Mode” or “Trust Manger” which blocks external commands that exploit the “/launch” feature . According to Foxit this is a follow-up security improvement and Trust Manager allows users to select a safe mode operation, once selected; no external commands will be executed by the Foxit Reader.

I n this version  by default the Trust manger or safe mode is enabled, you check it under Preferences tab.


The same issue also exists with Adobe PDF reader, but it warns the users asking for approval to launch the action, but the researcher says it can be still exploitable. But currently there is no patch from Adobe.

You can test the hole  in your PDF reader by downloading this  PDF file that will just launch cmd.exe over  here.

Download : Foxit PDF Reader 3.3 (6.7 MB)