BarCodeWiz ActiveX LoadProperties Buffer Overflow

2011-05-23T00:00:00
ID SAINT:3A141F8A93769F75B2DAFBCD58FDE472
Type saint
Reporter SAINT Corporation
Modified 2011-05-23T00:00:00

Description

Added: 05/23/2011
CVE: CVE-2010-2932
BID: 42097
OSVDB: 66882

Background

BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C#, or Delphi developers looking to include barcodes in programs.

Problem

The LoadProperties function of the Barcode ActiveX control in version 3.29 and prior is vulnerable to a buffer overflow attack.

Resolution

Set the kill bit for ActiveX Class ID CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6.
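
One way to apply and verify this resolution from an elevated PowerShell prompt (an added example, not part of the SAINT advisory or the vendor's guidance). The registry location and the 0x400 "Compatibility Flags" value are the standard Internet Explorer kill-bit mechanism documented by Microsoft, not values taken from this page; the function name is hypothetical.

```powershell
# Added example: set and verify the IE kill bit for the CLSID named in the advisory.
$Clsid   = '{CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6}'   # Class ID from the Resolution section
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: return the current flags for a key, or 0 if the value is absent.
function Get-CompatFlags([string]$KeyPath) {
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

$results = foreach ($root in $Roots) {
    # Skip a view that does not exist on this system (e.g. Wow6432Node on a 32-bit OS).
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key = Join-Path $root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already present and OR in the kill bit.
    $before = Get-CompatFlags $key
    $wanted = $before -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $wanted -Type DWord

    # Read the value back so the report reflects what is actually in the registry.
    $after = Get-CompatFlags $key
    [pscustomobject]@{
        Key        = $key
        Before     = '0x{0:X8}' -f $before
        After      = '0x{0:X8}' -f $after
        KillBitSet = (($after -band $KillBit) -eq $KillBit)
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.KillBitSet }) {
    Write-Warning 'Kill bit is not set in every registry view; check permissions and re-run.'
}
```

The kill bit only prevents Internet Explorer and other hosts that honor it from loading the control; the vulnerable component remains installed on disk.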

References

<http://www.barcodewiz.com/>
<http://secunia.com/advisories/40786>

Limitations

This exploit has been tested against GetMySystem.com BarCodeWiz Barcode ActiveX Control 3.25 under Internet Explorer 7 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 English (DEP OptIn).

Platforms

Windows