CVE-2014-8074

EUVD-2014-7923
Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
foxitsoftwarefoxit_pdf_sdk_activex
2.3
foxitsoftwarefoxit_pdf_sdk_activex
3.0
foxitsoftwarefoxit_pdf_sdk_activex
4.0
foxitsoftwarefoxit_pdf_sdk_activex
5.0.0
foxitsoftwarefoxit_pdf_sdk_activex
5.0.1.820
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22
http://www.securityfocus.com/bid/70608
http://www.zerodayinitiative.com/advisories/ZDI-14-362/
http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22
http://www.securityfocus.com/bid/70608
http://www.zerodayinitiative.com/advisories/ZDI-14-362/