Jump to content

Welcome! You're currently a Guest.

If you'd like to join in the Discussion, or access additional features in our forums, please sign in with your Evernote Account here. Have an Evernote Account but forgot your password? Reset it! Don't have an account yet? Create One! You'll need to set your Display Name before your first post.

Photo
Windows

Evernote PDF Reader from Foxit - security concern?

evernote pdf foxit javascript js security malicious script

  • Please log in to reply
No replies to this topic

#1 SFdude

SFdude

  • Pip
  • Title: Member
  • Group: Members
  • 9 posts

Posted 27 February 2013 - 05:28 PM

Using EV client version 3.1.0,1225

(yes, I know - it's ancient, but it works for me...),

with WIN-XP SP3 -32 bit.

 

When I read a PDF stored as an EV Note,

EV pops up an info window,

saying it's using the FOXIT PDF Reader inside EV,

to render the PDF.

That's OK...

 

But what if the PDF (stored and rendered inside EV),

contains an embeded, malicious JS script,

and the JS script gets executed

by the EV Foxit Reader?

 

For my local PDF files (in my HD),

I read them with Sumatra PDF Reader or PDF-Xchange Reader,

both with JS script execution TURNED OFF...

 

So....the Question:

==============

 

Does EVs Foxit Reader have JS script execution TURNED OFF?

(while rendering a PDF file INSIDE the EV client version 3.1.0,1225).

 

If it is not turned off,

that would be a HUGE security risk in PDF rendering in EV.!

 

Thanks.







Also tagged with one or more of these keywords: windows, evernote, pdf, foxit, javascript, js, security, malicious, script

2 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


    Yahoo (2)
Clip to Evernote