Lucene search

[email protected]CVE-2008-2683

HistoryJun 12, 2008 - 12:21 p.m.

CVE-2008-2683

2008-06-1212:21:00

CWE-20

[email protected]

web.nvd.nist.gov

vulnerability

bidib.bidibctrl.1

activex control

bidib.ocx

black ice barcode sdk 5.01

remote attackers

arbitrary files

downloadimagefileurl

cve-2008-2683

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.844 High

EPSS

Percentile

98.5%

JSON

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

black_icebarcode_sdkMatch5.01

CPENameOperatorVersion
black_ice:barcode_sdkblack ice barcode sdkeq5.01

CPE	Name	Operator	Version
black_ice:barcode_sdk	black ice barcode sdk	eq	5.01

References

secunia.com/advisories/30548

securityreason.com/securityalert/8276

securityreason.com/securityalert/8277

www.exploit-db.com/exploits/17415

www.osvdb.org/46007

www.vupen.com/english/advisories/2008/1768/references

exchange.xforce.ibmcloud.com/vulnerabilities/42891

www.exploit-db.com/exploits/5750

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.844 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2008-2683

cvelist1 checkpoint_advisories1 packetstorm1 prion1 nvd1