Lucene search

[email protected]CVE-2008-2684

HistoryJun 12, 2008 - 12:21 p.m.

CVE-2008-2684

2008-06-1212:21:00

CWE-94

[email protected]

web.nvd.nist.gov

activex control

remote code execution

memory corruption

cve-2008-2684

black ice barcode sdk

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.2%

JSON

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

blackiceblack_ice_barcode_sdkMatch5.01

CPENameOperatorVersion
blackice:black_ice_barcode_sdkblackice black ice barcode sdkeq5.01

CPE	Name	Operator	Version
blackice:black_ice_barcode_sdk	blackice black ice barcode sdk	eq	5.01

References

secunia.com/advisories/30548

www.securityfocus.com/bid/29579

www.vupen.com/english/advisories/2008/1768/references

exchange.xforce.ibmcloud.com/vulnerabilities/42896

www.exploit-db.com/exploits/5750

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.11 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2008-2684

nvd1 prion1 cvelist1