Foxit Reader 歷史舊版本 Page8

更新時間：2021-07-27
更新細節：

What's new in this version:

Fixed some security and stability issues:
- Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation (CVE-2021-21831/ZDI-CAN-13741/CVE-2021-21870/ZDI-CAN-13928/ZDI-CAN-14270/ZDI-CAN-14529/ZDI-CAN-14531/ZDI-CAN-14532).
- Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (ZDI-CAN-13929/ZDI-CAN-14014/ZDI-CAN-14015/ZDI-CAN-14016/ZDI-CAN-14017/ZDI-CAN-14018/ZDI-CAN-14019/ZDI-CAN-14020/ZDI-CAN-14021/ZDI-CAN-14022/ZDI-CAN-14023/ZDI-CAN-14024/ZDI-CAN-14025/ZDI-CAN-14033/ZDI-CAN-14034/ZDI-CAN-14013).
- Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893).
- Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion.
- Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (ZDI-CAN-14120).

更新時間：2021-07-27
更新細節：

更新時間：2021-07-15
更新細節：

更新時間：2021-05-25
更新細節：

更新時間：2021-05-25
更新細節：

What's new in this version:

New Features and Improvements:
- The software has been renamed from Foxit Reader to Foxit PDF Reader
- The user interface is now simpler, clearer, and more intuitive to improve efficiency and productivity
- Redesign the overall interface, including icons, the ribbon, and panels, with simple appearances and clear function arrangement
- Discard the Arrange tab and Format tab that appear on the ribbon when you annotate. Instead, a Format tab appears in the right panel when you make comments
- We now provide the Share function on the File page
- The software update workflows have been redesigned to offer tips and guidance, to improve usability
- Support more 3D functions
- View PRC format 3D PDF files
- Add (2D) comments to a 3D model, or convert 3D measurements to comments
- Enhanced the 3D measurement tool with radius measurement support, and provide Snap To options that can help you to precisely position the elements of 3D content you want to measure
- Digital signature enhancement
- Support EUTL (European Union Trusted Lists) certificates for convenient signature validatio
- Provide an option to customize the logo (Foxit PDF Editor icon by default) shown on digital signature appearances
- More seamless integration with ECM
- Various enhancements in SharePoint integration. For example, when saving a PDF document in a SharePoint library that is configured with Content Types, enable users to change the document content type, and access and edit the metadata related to content type
- Offers more text patterns (like IBAN and Driving License Number) and countries in the Search panel
- Adjust the login UI for easier access to your DocuSign account, and allow login using your corporate SSO
- Provide more settings for enterprise deployment using GPO (Group Policy) or FCW (Foxit Customization Wizard)
- Show the number of files contained in the folder in PDF portfolios. Users can work with PDF files directly in the portfolio preview pane
- (MSI Package Only) Classify and protect with labels in Microsoft Azure Information Protection (AIP
- The feature is helpful for enterprises to classify and protect documents by applying labels that are configured by administrators with protection settings such as which people can read and use protected documents
- Other enhancements to the user experience
- Fixed some stability issues

更新時間：2021-05-07
更新細節：

What's new in this version:

Fixed some security and stability issues:
- Brief
- Addressed potential issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats. This occurs due to the access violation, which could be exploited by attackers to execute remote code.
- Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects. This is caused by stack overflow as there are too many levels or dead loops during the recursive call of functions.
- Addressed potential issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation.
- Addressed a potential issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control. Local attackers could exploit this vulnerability to create a symbolic link and cause arbitrary files to be deleted once the application is uninstalled by an admin user.
- Addressed a potential issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures. This occurs as the application gets the certificate name in an incorrect order and displays the document owner as the signature author by mistake.
- Addressed potential issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. This occurs due to the improper behavior while loading libraries, including loading the libraries in the installation directory as precedence when loading system libraries, loading the libraries that are disguised as system libraries in the installation folder without proper validation, and failing to use the fully qualified paths when loading external libraries
- Addressed potential issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. This occurs due to the access of an array whose size is not enough to accommodate the data.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash when converting certain PDF files to Microsoft Office files. This occurs as the PDF object data defined in the Cross-Reference Table is corrupted.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain XFA forms or annotation objects. This occurs due to the use or access of the objects that have been released or deleted.
- Addressed potential issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts. This occurs as the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions.
- Addressed potential issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability. Attackers could exploit this vulnerability to insert or delete databases by inserting codes at the end of the strings.
- Addressed a potential issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash. This occurs due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms.
- Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute.

更新時間：2021-05-06
更新細節：

What's new in this version:

- Addressed potential issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats. This occurs due to the access violation, which could be exploited by attackers to execute remote code.
- Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects. This is caused by stack overflow as there are too many levels or dead loops during the recursive call of functions.
- Addressed potential issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation.
- Addressed a potential issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control. Local attackers could exploit this vulnerability to create a symbolic link and cause arbitrary files to be deleted once the application is uninstalled by an admin user.
- Addressed a potential issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures. This occurs as the application gets the certificate name in an incorrect order and displays the document owner as the signature author by mistake.
- Addressed potential issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. This occurs due to the improper behavior while loading libraries, including loading the libraries in the installation directory as precedence when loading system libraries, loading the libraries that are disguised as system libraries in the installation folder without proper validation, and failing to use the fully qualified paths when loading external libraries.
- Addressed potential issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. This occurs due to the access of an array whose size is not enough to accommodate the data.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash when converting certain PDF files to Microsoft Office files. This occurs as the PDF object data defined in the Cross-Reference Table is corrupted.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain XFA forms or annotation objects. This occurs due to the use or access of the objects that have been released or deleted.
- Addressed potential issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts. This occurs as the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions.
- Addressed potential issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability. Attackers could exploit this vulnerability to insert or delete databases by inserting codes at the end of the strings.
- Addressed a potential issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash. This occurs due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms.
- Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute.

更新時間：2021-03-23
更新細節：

What's new in this version:

- Fixed some security and stability issues

Solution:
- Update your applications to the latest versions by following one of the methods below
- From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version
- Click here to download the updated version of Foxit Reader from our website
- Click here to download the updated version of Foxit PhantomPDF from our website

Acknowledgement:
Addressed a potential issue where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs due to the improper release of resources when parsing certain JPEG2000 files (ZDI-CAN-12230).

更新時間：2020-12-09
更新細節：

What's new in this version:

- Fixed some security and stability issues

更新時間：2020-12-09
更新細節：

What's new in this version:

save2pc 5.6.2.1610
- Change log not available for this version


save2pc 5.6.2.1609
- Change log not available for this version


save2pc 5.6.2.1608
- Change log not available for this version


save2pc 5.6.2.1607
- Change log not available for this version


save2pc 5.6.1.1606
- Change log not available for this version


save2pc 5.6.1.1605
- Change log not available for this version


save2pc 5.6.1.1604
- Change log not available for this version


save2pc 5.6.1.1603
- Change log not available for this version


save2pc 5.6.1.1602
- Change log not available for this version


save2pc 5.6.1.1601
- Change log not available for this version


save2pc 5.5.9.1598
- Change log not available for this version


save2pc 5.5.9.1597
- Change log not available for this version


save2pc 5.5.9.1596
- Change log not available for this version


save2pc 5.5.9.1595
- Change log not available for this version


save2pc 5.5.9.1593
- Change log not available for this version


save2pc 5.5.8.1592
- Change log not available for this version


save2pc 5.5.8.1591
- Change log not available for this version


save2pc 5.5.8.1589
- Change log not available for this version


save2pc 5.5.8.1587
- Change log not available for this version


save2pc 5.5.7.1586
- Change log not available for this version


save2pc 5.5.7.1585
- Change log not available for this version


save2pc 5.5.7.1584
- Change log not available for this version


save2pc 5.5.6.1583
- Change log not available for this version


save2pc 5.5.6.1582
- Change log not available for this version


save2pc 5.5.6.1581
- Change log not available for this version


save2pc 5.5.5.1580
- Change log not available for this version


save2pc 5.5.5.1579
- Change log not available for this version


save2pc 5.5.4.1578
- Change log not available for this version


save2pc 5.5.4.1577
- Change log not available for this version


save2pc 5.5.4.1576
- Change log not available for this version


save2pc 5.5.4.1575
- Change log not available for this version