Didier Stevens, an IT consultant with Contraste Europe, discovered the
vulnerability, which entails getting PDF viewers to automatically
execute embedded executables when the PDF file is opened. ...
"To address the specific problems outlined, Foxit has added a warning
dialog box that will pop up when a PDF file is opened with Foxit
Reader, asking the user to agree to execute or not," the company
continued. "This solution adds a layer of safety yet maintains Foxit
Reader’s compliance with current PDF standards."
Adobe already has a warning box in place, but Stevens claims there's a
way for hackers to partially alter the dialog. According to eWEEK,
Adobe is discussing the potential threat but didn't say if it would take
any further precautions.
So, Foxit has dealt with the threat while Adobe has not yet.
Download the latest version of Foxit Reader here to fix this security hole.