BarCodeWiz ActiveX LoadProperties Buffer Overflow
Added: 05/23/2011CVE: CVE-2010-2932
BID: 42097
OSVDB: 66882
Background
BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C#, or Delphi developer looking to include barcodes in programs.Problem
The LoadProperties function of the Barcode ActiveX control in version 3.29 and prior is vulneralbe to a buffer overflow attack.Resolution
Set the kill bit for ActiveX Class ID CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6.References
http://www.barcodewiz.com/http://secunia.com/advisories/40786
Limitations
This exploit has been tested against GetMySystem.com BarCodeWiz Barcode ActiveX Control 3.25 under Internet Explorer 7 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 English (DEP OptIn).Platforms
WindowsBack to exploit index