Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability

Bugtraq ID:	23934
Class:	Design Error
CVE:	CVE-2007-2644
Remote:	Yes
Local:	No
Published:	May 11 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of this issue.
Vulnerable:	Morovia Morovia Barcode ActiveX Professional 3.8 Morovia Morovia Barcode ActiveX Professional 0
Not Vulnerable:

Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability

The Morovia Barcode ActiveX control is prone to an arbitrary-file-overwrite vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service
conditions.

Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability

The following example code is available:

• /data/vulnerabilities/exploits/23934.txt

Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Morovia Barcode ActiveX Control Web Site (Morovia)