Wikileaks—CIA: FoxitReader Portable DLL Hijack

  • Bug Wikileaks—CIA: FoxitReader Portable DLL Hijack

    https://wikileaks.org/ciav7p1/cms/page_27263006.html

  • #2
    Hi stochos,

    Could you please confirm which version of Foxit Reader the article refers to?


    • #3
      I don't know. I was merely passing on the information—as a long-term user of your products.


      • #4
        stochos Thanks for informing us of the article about "Vault 7: CIA Hacking Tools Revealed". In this article, it stated the following two new DLL hijack issues with Foxit Reader:
        #1 - Foxit Reader attempts to auto update itself, looking for a DLL named “UpdateLOC.dll” from its plugins folder (\Foxit Reader\plugins).
        We confirm that there’s no “UpdateLOC.dll” under its plugins folder (\Foxit Reader\plugins), so there’s no such hijack issue in Foxit Reader.
        #2 - Foxit attempts to load the system DLL “msimg32.dll” adjacent to itself first (\app\Foxit Reader\) before loading it in the proper location.
        We don’t attempt to load the system DLL “msimg32.dll” adjacent to itself first (\app\Foxit Reader\) as we call GetSystemDirectory() directly to get the real msimg32.dll. Foxit uses a fully qualified path name when loading “msimg32.dll”, so there’s no such hijack issue in Foxit Reader.
        More information about guidance for developers on how to load libraries securely can be found at:
        https://blogs.technet.microsoft.com/...attack-vector/
        “While there are several affected situations, described in detail in the above MSDN article, our general recommendations are: Where possible, use a fully qualified path name when loading a library; ….”
        Please don’t hesitate to contact us if you have any security questions: security-ml@foxitsoftware.com.

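An added example, not part of the thread and not Foxit's code: a Python audit that a defender could run over an install directory to flag the two conditions discussed in post #4, namely a DLL whose name matches a system DLL sitting next to the application, and a DLL in the plugins folder that is not on the expected list. The `audit_app_dir` helper, the sample file names other than `msimg32.dll` and `UpdateLOC.dll`, and the expected-plugin list are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def audit_app_dir(app_dir, system_dll_names, expected_plugins):
    """Return sorted (finding, relative_path) tuples for DLLs worth reviewing.

    system_dll_names: names of DLLs that should only load from the system
                      directory (on a real host, a listing of that directory).
    expected_plugins: DLL names the vendor actually ships in plugins/.
    """
    system = {n.lower() for n in system_dll_names}   # Windows names are case-insensitive
    expected = {n.lower() for n in expected_plugins}
    root = Path(app_dir)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".dll":
            continue
        rel = path.relative_to(root)
        name = path.name.lower()
        if name in system:
            # A copy here is found first if the loader is given a bare file name.
            findings.append(("shadows-system-dll", rel.as_posix()))
        elif len(rel.parts) > 1 and rel.parts[0].lower() == "plugins" \
                and name not in expected:
            findings.append(("unexpected-plugin", rel.as_posix()))
    return sorted(findings)


def demo():
    """Build a constructed install tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as base:
        app = Path(base) / "Foxit Reader"
        (app / "plugins").mkdir(parents=True)
        # Constructed sample files; contents are empty placeholders.
        for rel in ("reader.exe", "msimg32.dll",
                    "plugins/UpdateLOC.dll", "plugins/known_plugin.dll"):
            (app / rel).write_bytes(b"")
        return audit_app_dir(app,
                             system_dll_names={"msimg32.dll", "kernel32.dll"},
                             expected_plugins={"known_plugin.dll"})


if __name__ == "__main__":
    for finding, rel_path in demo():
        print(f"{finding}: {rel_path}")
```

A finding only says that a file with that name is present; whether the application would load it depends on how it calls the loader, which is the point post #4 makes about fully qualified paths.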