GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability

Bugtraq ID:	23891
Class:	Boundary Condition Error
CVE:	CVE-2007-2585
Remote:	Yes
Local:	No
Published:	May 09 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of this vulnerability.
Vulnerable:	GetMySystem BarCodeWiz 2.0
Not Vulnerable:

GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability

BarCodeWiz ActiveX control is prone to a buffer-overflow vulnerability because the software fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

BarCodeWiz 2.0 is vulnerable to this issue; other versions may be affected as well.

GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability

The following proof of concept and exploit are available:

• /data/vulnerabilities/exploits/BarCodeWiz_poc.txt
• /data/vulnerabilities/exploits/23891-Parveen.html

GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability

References:

• OMoAxB #09: BarCodeWiz ActiveX Control 2.0 (BarcodeWiz.dll) Remote Buffer overfl (shinnai)
  
• Vendor Homepage (Taltech)