CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
Added: 05/23/2011
CVE: CVE-2010-2932
BID: 42097
OSVDB: 66882
BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C#, or Delphi developer looking to include barcodes in programs.
The LoadProperties function of the Barcode ActiveX control in version 3.29 and prior is vulneralbe to a buffer overflow attack.
Set the kill bit for ActiveX Class ID CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6.
<http://www.barcodewiz.com/>
<http://secunia.com/advisories/40786>
This exploit has been tested against GetMySystem.com BarCodeWiz Barcode ActiveX Control 3.25 under Internet Explorer 7 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 English (DEP OptIn).
Windows