Foxit has released Foxit Reader 5.4.5 to address the web browser plugin vulnerability which could have been exploited by cybercriminals for arbitrary code execution.
“The vulnerability is caused by a boundary error in the Foxit Reader plugin for web browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via an overly long file name in the URL,” the company wrote in the advisory it released.
According to the company’s security process timeline, they learned of the issue on January 8 from Secunia, one day after researcher Andrea Micalizzi published a proof-of-concept for the exploit.
On January 11, Core Security Technologies confirmed the issue and Foxit released Firefox Plugin 126.96.36.199 to address the vulnerability.
Today, on January 17, Foxit released the fixed version of Foxit Reader 5.4.5 to update the Firefox plugin.
Users are advised to update as soon as possible.
Foxit Reader is available for download here