본문 바로가기

벌새::Security

업데이트 : PDF-XChange Viewer 2.0 Build 55.0

반응형
Adobe Reader 대체 프로그램으로 유명한 PDF 문서 관련 프로그램이 DLL Hijacking 보안 취약점을 수정한 PDF-XChange Viewer 2.0 Build 55.0 버전을 공개하였습니다.


참고로 이번 버전에서 수정된 사항은 다음과 같습니다.

  1. Altered the method commonly used in Windows to load external dlls to prevent any (even theoretical) vulnerability regarding "DLL-hijacking" as reported for Windows applications.
  2. File Attachment tools are hidden in free version of the viewer when the 'Hide PRO features' option used.
  3. Fixed possible issues when opening/extracting embedded files within secured documents.
  4. Fixed issues when rendering some fonts.
  5. Fixed issues with some non-ascii characters in some PDF files.
  6. Resolved issue with frame size when viewer is embedded into browser.
  7. Resolved issue with wrong form fields content created by the viewer.
  8. Resolved possible issue with layers visibity.
  9. Added exclusive mode for non-commenting tools (see commenting settings in Edit Menu -> Preferences).
  10. Implemented function to work with embedded files using JS.
  11. Shift key is used to temporary toggle exclusive/non-exclusive mode.
  12. Viewer no longer modifes the Producer field in a document's information fields. Instead it uses a custom information field to store data regarding the version used to save a document.
  13. Fixed problems with browser plugin in latest FireFox 4 and Opera releases when they use customized title bar's.
  14. Styles for measure tools now have independent scale values.

해당 취약점을 이용하여 악의적으로 조작된 PDF 문서를 실행할 경우 시스템 감염을 유발시킬 수 있으므로, 해당 프로그램을 이용하시는 분들은 프로그램에서 제공하는 업데이트 체크 기능을 이용하여 최신 버전을 이용하시기 바랍니다.

728x90
반응형