Are there any available workarounds that would mitigate the threat? I suppose I could just upload all my PDFs to Google Docs in the meantime, but I'm looking for something that I could use while offline...
--Rohit Patnaik On Tue, Oct 13, 2009 at 7:35 PM, mrx <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > No, I installed latest updates prior to testing. > They should be aware of this however considering what appear to be > striking similarities in the code base between Foxit and Adobe > readers, at least as far as shared bugs go. > If not they will be aware of this after they read the email I sent them. > > MrX > > Rohit Patnaik wrote: > > Has Foxit released an update for this? > > > > --Rohit Patnaik > > > > On Tue, Oct 13, 2009 at 6:40 PM, mrx <[email protected]> wrote: > > > > > > It would appear that Foxit reader version 3.1.1.0928 is also > > vulnerable to this memory corruption flaw. > > Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug. > > > > Makes me wonder how much code is common to both Adobes and Foxits PDF > > readers > > > > MrX > > > > > > Berend-Jan Wever wrote: > > >>> Adobe bulletin: > > >>> http://www.adobe.com/support/security/bulletins/apsb09-15.html > > >>> > > >>> Short description and repro case: > > >>> > > > http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/ > > >>> Cheers, > > >>> > > >>> SkyLined > > >>> < > > > http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/ > > >>> Berend-Jan Wever <[email protected]> > > >>> http://skypher.com/SkyLined > > >>> > > >>> > > >>> > > ---------------------------------------------------------------------- > > >>> > > >>> _______________________________________________ > > >>> Full-Disclosure - We believe in it. > > >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > >>> Hosted and sponsored by Secunia - http://secunia.com/ > >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEVAwUBStUc0LIvn8UFHWSmAQIITggAxL/oV6LGNuqfXj59xbV3fLAdh/6aeE7I > hna0TysRDSi/bN+lE/JLyh+F8WDdr/uNb4Kzc+mTEd5vVqTp2Qlw5ctkQu9AcCxn > Gk9khwhgRkxYfE/DF9RsFluRMacEaYMUNuectMz+ViCiLhYiLSBrcN9N6khSBIHZ > o8ttvZBlt9ovlIu08dmuexcIVpIax8SHJj+lPWtuuRYNw/PB02hu3Pnm839nP0cD > o8ZQPXkG7zvVgBVdMoVCGLWkMgw1T9P73+32TqTC7aAuY9mwRWhG3o2LZo+/Iicl > Z/uIBT74SWzWZOdhzwdQdlXpmKXad1A8W7XxqfFLhea6WYmbj/MzHg== > =bPXc > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
