Foxit Enterprise Reader 9.0 Released

Foxit Enterprise Reader 9.0 has been released by Foxit Software.  Foxit Enterprise Reader is a free PDF reader designed to meet the needs of an enterprise.  It is designed to be fully compatible with Adobe Reader and provides full-fidelity viewing of PDF documents.

 

New Features in Foxit Reader 9.0

  • Better accessibility
    Use single-key accelerators to access commands or perform actions, making it easier to read and work with PDF files.

  • Reflow upon magnification
    Reflow a PDF file to temporarily present it as a single column that is the width of the document pane, which makes the document easier to read when magnified on a standard monitor, without scrolling horizontally to read the text.

  • Find Command 
    Find a command by typing the command name and bring features to your fingertips with ease.

  • Help Center 
    Provide a Help Center to help users search and find online help conveniently.

  • Advanced protection – available in Foxit Reader (MSI package) only

    • Protect your enterprise data using Windows Information Protection (WIP) to guard against the potential data leakage without otherwise interfering with the employee experience.

    • Protect PDF files using the Microsoft PDF V2 IRM Specification.

    • Enhance Foxit RMS protection to make the RMS-protected files compliant with PDF 2.0.
  • Support bleed mark and overprint simulation
    • Place a bleed mark at each corner of the bleed box to indicate the PDF bleed box boundaries during printing.
    • Simulate overprinting effects for composite output.
  • Digital signatures
    • Support exporting digital IDs to .fdf files.
    • Allow users to specify the font and font size and include the Foxit application version number while designing the appearance of a digital signature.

 

Improvements in Foxit Reader 9.0

  • Comment improvements
    • Summarize and export the highlighted text to a TXT file.
    • Format the text in the comment pop-up box.
    • Users can now track the comments that require further actions with new comment status – Deferred and Future, and filter comments by the original author.
  • Advanced search
    • Highlight all the text search results in a PDF file.
    • Search for instances that match any of the keywords.
  • Streamline the PDF scan process 
    Streamline the PDF scan process and allow users to output the scanning results as a new PDF file or append it to an existing PDF file.
  • PDF form enhancements
    • View and print the 2D barcode in static XFA forms.
    • Retain font properties when copying and pasting text from Microsoft Word into a text form field in Foxit Reader.
    • Allow users to import form data from a CSV file.
  • Improve the ConnectedPDF features to provide a better user experience.
  • Some other ease of use enhancements.

 

Issues Addressed in Foxit Reader 9.0

  • Fixed some security and stability issues.

 
Vulnerability details

  • Addressed potential issues where the application could be exposed to a Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA JavaScript functions in crafted PDF files, since the application could transform a non-CXFA_Node to a CXFA_Node by force without checking the data type and then use the discrepant CXFA_Node directly (ZDI-CAN-5015/ZDI-CAN-5016/ZDI-CAN-5017/ZDI-CAN-5018/ZDI-CAN-5019/ZDI-CAN-5020/ZDI-CAN-5021/ZDI-CAN-5022/ZDI-CAN-5027/ZDI-CAN-5029/ZDI-CAN-5288).
  • Addressed potential issues where the application could be exposed to a Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA FormCalc functions in crafted PDF files, since the application could transform a non-CXFA_Object to a CXFA_Object by force without checking the data type and then use the discrepant CXFA_Object directly (ZDI-CAN-5072/ZDI-CAN-5073).
  • Addressed potential issues where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability due to the use of an Annot object which has been freed (ZDI-CAN-4979/ZDI-CAN-4980/ZDI-CAN-4981/ZDI-CAN-5023/ZDI-CAN-5024/ZDI-CAN-5025/ZDI-CAN-5026/ZDI-CAN-5028).
  • Addressed potential issues where, when the application is not running in Safe-Reading-Mode, it could be exposed to an Out-of-Bounds Read Information Disclosure vulnerability by abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-4982/ZDI-CAN-5013/ZDI-CAN-4976/ZDI-CAN-4977/ZDI-CAN-5012/ZDI-CAN-5244).
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to an Out-of-Bounds Read Information Disclosure vulnerability due to abnormal memory access by abusing the lrt_jp2_decompress_write_stripe function call to open an arbitrary file (ZDI-CAN-5014).
  • Addressed potential issues where the application could be exposed to an Out-of-Bounds Read Information Disclosure vulnerability when rendering images by abusing the render.image function call to open a local PDF file (ZDI-CAN-5078/ZDI-CAN-5079).
  • Addressed a potential issue where, when the application is not running in Safe-Reading-Mode, it could be exposed to an Out-of-Bounds Read Information Disclosure vulnerability by abusing the GetBitmapWithoutColorKey function call to open an abnormal PDF file (ZDI-CAN-4978).
  • Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read Information Disclosure vulnerability due to an uninitialized pointer by abusing the JP2_Format_Decom function call to open an abnormal PDF file (ZDI-CAN-5011).
  • Addressed potential issues where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability due to the inconsistency of XFA nodes and XML nodes after deletion during data binding (ZDI-CAN-5091/ZDI-CAN-5092/ZDI-CAN-5289).
  • Addressed potential issues where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability due to the use of a document after it has been freed by closeDoc JavaScript (ZDI-CAN-5094/ZDI-CAN-5282/ZDI-CAN-5294/ZDI-CAN-5295/ZDI-CAN-5296).
  • Addressed a potential issue where, when the application is running in single instance mode, it could be exposed to an arbitrary code execution or denial of service vulnerability and fail to initialize the PenInputPanel component by calling the CoCreateInstance function when users open a PDF file by double-clicking after launching the application (CVE-2017-14694).
  • Addressed a potential issue where the application could be exposed to Buffer Overflow vulnerability when opening certain EPUB file due to the invalid length of size_file_name in CDRecord in the ZIP compression data.
  • Addressed a potential issue where the application could be exposed to a Type Confusion Remote Code Execution vulnerability when opening certain XFA files due to the use of a discrepant data object during data binding (ZDI-CAN-5216).
  • Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when the gflags app is enabled due to the incorrect resource loading which could lead to disordered file type filter (ZDI-CAN-5281).
  • Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the calling of incorrect util.printf parameter (ZDI-CAN-5290).
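
The EPUB item above attributes the overflow to an invalid file name length in a ZIP central directory record. As an added example (not Foxit's code and not part of the original post), the Python check below validates that length field against the central directory bounds before it is trusted. The function names and the sample archive are constructed for illustration, and `size_file_name` in `CDRecord` is assumed to correspond to the standard ZIP file-name-length field.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
CDH_FIXED = 46             # fixed-size part of a central directory header


def check_central_directory(data: bytes) -> list:
    """Return the problems found while walking a ZIP central directory.

    Assumption: plain (non-ZIP64), single-disk archive, as used by EPUB.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return ["no complete end-of-central-directory record"]
    # Total entries, central directory size and offset, as declared by the file.
    total, cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    cd_end = cd_off + cd_size
    if cd_end > eocd:
        return ["central directory extends past the EOCD record"]
    problems, pos = [], cd_off
    for i in range(total):
        if pos + CDH_FIXED > cd_end or data[pos:pos + 4] != CDH_SIG:
            problems.append(f"entry {i}: truncated or missing header")
            break
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        # The declared name length must fit inside the central directory;
        # copying name_len bytes without this check reads or writes out of bounds.
        if pos + CDH_FIXED + name_len + extra_len + comment_len > cd_end:
            problems.append(f"entry {i}: file name length {name_len} exceeds central directory")
            break
        pos += CDH_FIXED + name_len + extra_len + comment_len
    return problems


def build_samples():
    """Constructed inputs: a valid one-entry archive and a corrupted copy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("mimetype", "application/epub+zip")
    good = buf.getvalue()
    cd_off = struct.unpack_from("<I", good, good.rfind(EOCD_SIG) + 16)[0]
    bad = bytearray(good)
    struct.pack_into("<H", bad, cd_off + 28, 0xFFFF)  # oversized name length
    return good, bytes(bad)
```
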


Foxit Enterprise Reader is one of the applications that is managed and updated by ODS.  If you are a current customer who has requested Foxit Enterprise Reader, ODS will automatically update your version over the next few days.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Foxit Enterprise Reader. 

If you would like assistance managing and deploying Foxit Enterprise Reader for PCs, please contact H Tech Solutions using the URL below.

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at https://htechsolutions.biz/contact-us