Translate
Francais Español Deutsch
 
 
   

Product Choosing Wizards

Developers Product Chooser PDF Choosing Wizard Feature Comparison Chart Image Product Chooser Image Comparison Chart

Products For End Users

Do it all with PDF-XChange PRO

A product suite that includes all of the above PDF products and allows you to do pretty much whatever you want with PDFs

PRO PDF

PDF-XChange Viewer

PDF-XChange Lite

PDF-XChange Standard

PDF-Tools

Imaging Products


Raster-XChange


Tiff-XChange

Products For Software Developers

Interested in custom applications developed for you? Click Here
SDKs for PDFs: SDKs for Imaging: Clarion® SDKs:

PDF Related

Imaging Products

 Clarion® Developers now have the choice of using our generic SDKs, or downloading our Clarion® specific SDKs which include extra Clarion® classes, templates and examples for fast and easy integration into their Clarion® based applications.
About Tracker Software Payment Options Explained Support Approach News, Press & Events Subscribe for our Newsletter Employment Opportunities Reseller Opportunities Testimonials
News
Home » About Tracker Software Products Ltd. » News, Press & Events » New Windows DLL hijacking vulnerability

News, Press & Events

Back to all News, Press & Events

New Windows DLL hijacking vulnerability

12 SEP 2010

Further to a communication received today and a reported potential Windows vulnerability located affecting almost every application running on MS Windows operating systems (see links below) - how does the PDF-XChange Viewer fair ?

Here are the reports and Mcrosoft article giving further detail.

http://blog.metasploit.com/2010/08/expl ... flaws.html
and
https://www.microsoft.com/technet/secur ... 69637.mspx

and various others such as :

http://secunia.com/advisories/41197/


We have run all the suggested tests on both build 2.0050 and 2.0054 (the current latest release) of the PDF-XChange Viewer and concluded that whilst the initial tests suggest a potential flaw is possible - once the full tests are run - the results come back that the PDF-XChange Viewer is in fact not affected - on either build detailed.

After further exhaustive testing - we do accept however that there is still some (almost inconceivably small) potential 'latitude' for an exploit to occur and we will be adding additional security code to fully block any potential for substitute dll's to be used from any location other than the required genuine DLL's.

This build will be available (2.00.55) during the week beginning September 6th 2010 as part of our scheduled product update offering.

UPDATE - 13th September, 2010.
We have now releaseed build 2.055 and have included code to block any possibilty of the above occuring !
All existing users are advised to update from our downloads page or use the option in the Viewer itself : Help -> Check for Updates.