Last month, researcher Didier Stevens demonstrated that hackers can exploit PDF files without any vulnerability, just by using a built-in feature (“/launch”) of the PDF specification. This was considered the biggest and most dangerous hole. Foxit later released PDF Reader v3.2.1, a security update to fix that issue.
Now the latest version, Foxit PDF Reader 3.3, has a new security feature, “Safe Mode” or “Trust Manager”, which blocks external commands that exploit the “/launch” feature. According to Foxit, this is a follow-up security improvement: Trust Manager allows users to select a safe mode of operation, and once it is selected, no external commands will be executed by Foxit Reader.
In this version, Trust Manager (safe mode) is enabled by default; you can check it under the Preferences tab.
The same issue also exists in Adobe's PDF reader, which warns users and asks for approval before launching the action, but the researcher says it can still be exploited. There is currently no patch from Adobe.
You can test the hole in your PDF reader by downloading this PDF file that will just launch cmd.exe over here.
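To check a document for this feature without opening it in a reader, here is an added example (not from the original post, Foxit, or the researcher) that scans raw PDF bytes for the action name, written `/Launch` in PDF syntax. The function names and sample fragments are constructed for illustration.

```python
import re
import sys

# A PDF name is "/" followed by regular characters; any character may be
# written as a #xx hex escape, so /L#61unch is the same name as /Launch.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so obfuscated spellings compare equal."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def find_launch_actions(data: bytes) -> list:
    """Return the byte offset of every name token that decodes to /Launch."""
    return [m.start() for m in _NAME.finditer(data)
            if decode_name(m.group(1)) == b"Launch"]

def scan_file(path: str) -> list:
    """Scan one file on disk. Only uncompressed parts of the file are seen:
    dictionaries stored inside compressed object streams need a real parser."""
    with open(path, "rb") as fh:
        return find_launch_actions(fh.read())

# Constructed fragments (not complete PDF files), with a placeholder target.
SAMPLE_PLAIN = b"<< /Type /Action /S /Launch /F (placeholder.bin) >>"
SAMPLE_OBFUSCATED = b"<< /Type /Action /S /L#61unch /F (placeholder.bin) >>"
SAMPLE_CLEAN = b"<< /Type /Action /S /URI /URI (https://example.com/) >>"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python scan_launch.py file1.pdf file2.pdf ...
        for path in sys.argv[1:]:
            hits = scan_file(path)
            verdict = "contains /Launch at offsets %s" % hits if hits else "no /Launch found"
            print("%s: %s" % (path, verdict))
    else:
        for label, sample in (("plain", SAMPLE_PLAIN),
                              ("obfuscated", SAMPLE_OBFUSCATED),
                              ("clean", SAMPLE_CLEAN)):
            print(label, find_launch_actions(sample))
```

A hit means the file should be reviewed before it is opened; a clean result is not proof of safety, because this scan does not decompress streams.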
Download : Foxit PDF Reader 3.3 (6.7 MB)