Just an FYI: March 9, Computerworld - (International) Foxit PDF viewer open to attack, say researchers. Security researchers on March 9 warned of several vulnerabilities in Foxit, a free PDF document viewer that has been recommended as an alternative to Adobe Reader, which currently contains an unpatched critical bug of its own. Foxit Software Co. patched its namesake on March 9 to plug three holes. One of the three vulnerabilities is in the same JBIG2 image compression format fingered by researchers last month as the root of the bug in Adobe System Inc.'s popular Reader and Acrobat applications. The flaw in Adobe's software, which has been exploited by hackers since at least early January, will not be patched until March 11, according to Adobe's schedule. The Foxit and Adobe bugs are unrelated, however, except for the fact that they are both in the code that parses JBIG2 images, said the chief technology officer at Secunia, the Danish company that reported the flaw to Foxit. "It is a completely different vulnerability related to JBIG2," he said in an e-mail on March 9. It was Adobe's confirmation of its bug that prompted Secunia researchers to dig into other PDF viewers. "We did, however, start the research in Foxit out of curiosity based on the Adobe vulnerability, and discovered this new vulnerability," the chief technology officer said. Secunia reported the bug to Foxit on February 27. The remaining two bugs in Foxit were reported February 18 by Core Security Technologies, a developer of penetration testing software. One of the vulnerabilities can trigger a buffer overflow, while the other could be used by attackers to circumvent security warnings.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
