BarCodeWiz ActiveX LoadProperties Buffer Overflow

Added: 05/23/2011
CVE: CVE-2010-2932
BID: 42097
OSVDB: 66882

Background

BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C#, or Delphi developer looking to include barcodes in programs.

Problem

The LoadProperties function of the Barcode ActiveX control in version 3.29 and prior is vulneralbe to a buffer overflow attack.

Resolution

Set the kill bit for ActiveX Class ID CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6.

References

<http://www.barcodewiz.com/&gt;
<http://secunia.com/advisories/40786&gt;

Limitations

This exploit has been tested against GetMySystem.com BarCodeWiz Barcode ActiveX Control 3.25 under Internet Explorer 7 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 English (DEP OptIn).

Platforms

Windows