CVE-2007-5397

activePDF Server < 3.8.6.16 - Remote Code Execution via Malformed Packet Size Field

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28013
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27371

Scores

EPSS 0.0287
EPSS Percentile 85.2%

Details

CWE
CWE-119
Status published
Products (1)
activepdf/server < 3.8.4
Published Feb 28, 2008
Tracked Since Feb 18, 2026