CVE-2014-8074

2014-10-1715:55:07

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-8074

buffer overflow

foxit pdf

activex

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.627 Medium

EPSS

Percentile

97.9%

JSON

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.

Affected configurations

NVD

Node

foxitsoftwarefoxit_pdf_sdk_activexMatch2.3

foxitsoftwarefoxit_pdf_sdk_activexMatch3.0

foxitsoftwarefoxit_pdf_sdk_activexMatch4.0

foxitsoftwarefoxit_pdf_sdk_activexMatch5.0.0

foxitsoftwarefoxit_pdf_sdk_activexMatch5.0.1.820

CPENameOperatorVersion
foxitsoftware:foxit_pdf_sdk_activexfoxitsoftware foxit pdf sdk activexeq2.3
foxitsoftware:foxit_pdf_sdk_activexfoxitsoftware foxit pdf sdk activexeq3.0
foxitsoftware:foxit_pdf_sdk_activexfoxitsoftware foxit pdf sdk activexeq4.0
foxitsoftware:foxit_pdf_sdk_activexfoxitsoftware foxit pdf sdk activexeq5.0.0
foxitsoftware:foxit_pdf_sdk_activexfoxitsoftware foxit pdf sdk activexeq5.0.1.820

CPE	Name	Operator	Version
foxitsoftware:foxit_pdf_sdk_activex	foxitsoftware foxit pdf sdk activex	eq	2.3
foxitsoftware:foxit_pdf_sdk_activex	foxitsoftware foxit pdf sdk activex	eq	3.0
foxitsoftware:foxit_pdf_sdk_activex	foxitsoftware foxit pdf sdk activex	eq	4.0
foxitsoftware:foxit_pdf_sdk_activex	foxitsoftware foxit pdf sdk activex	eq	5.0.0
foxitsoftware:foxit_pdf_sdk_activex	foxitsoftware foxit pdf sdk activex	eq	5.0.1.820