Using EV client version 3.1.0,1225
(yes, I know - it's ancient, but it works for me...),
with WIN-XP SP3 -32 bit.
When I read a PDF stored as an EV Note,
EV pops up an info window,
saying it's using the FOXIT PDF Reader inside EV,
to render the PDF.
But what if the PDF (stored and rendered inside EV),
contains an embeded, malicious JS script,
and the JS script gets executed
by the EV Foxit Reader?
For my local PDF files (in my HD),
I read them with Sumatra PDF Reader or PDF-Xchange Reader,
both with JS script execution TURNED OFF...
Does EVs Foxit Reader have JS script execution TURNED OFF?
(while rendering a PDF file INSIDE the EV client version 3.1.0,1225).
If it is not turned off,
that would be a HUGE security risk in PDF rendering in EV.!