Jump to content

(Archived) Evernote PDF Reader from Foxit - security concern?


SFdude

Recommended Posts

Using EV client version 3.1.0,1225

(yes, I know - it's ancient, but it works for me...),

with WIN-XP SP3 -32 bit.

 

When I read a PDF stored as an EV Note,

EV pops up an info window,

saying it's using the FOXIT PDF Reader inside EV,

to render the PDF.

That's OK...

 

But what if the PDF (stored and rendered inside EV),

contains an embeded, malicious JS script,

and the JS script gets executed

by the EV Foxit Reader?

 

For my local PDF files (in my HD),

I read them with Sumatra PDF Reader or PDF-Xchange Reader,

both with JS script execution TURNED OFF...

 

So....the Question:

==============

 

Does EVs Foxit Reader have JS script execution TURNED OFF?

(while rendering a PDF file INSIDE the EV client version 3.1.0,1225).

 

If it is not turned off,

that would be a HUGE security risk in PDF rendering in EV.!

 

Thanks.

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...