CVE-2014-8074 – Foxit ActiveX Pro SDK SetLogFile Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-8074

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables. Desbordamiento de buffer en el método SetLogFile en Foxit.FoxitPDFSDKProCtrl.5 de Foxit PDF SDK ActiveX 2.3 hasta 5.0.1820 anteriores a 5.0.2.924 permite a atacantes remotos ejecutar código arbitrario a través de una larga cadena, relacionado con variables globales. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Foxit ActiveX Pro SDK ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Foxit.FoxitPDFSDKProCtrl.5 ActiveX control. By passing an overly long string to the SetLogFile method, an attacker is able to overflow global variables in the control. • http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22 http://www.securityfocus.com/bid/70608 http://www.zerodayinitiative.com/advisories/ZDI-14-362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •