PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability

Bugtraq ID:	23957
Class:	Boundary Condition Error
CVE:	CVE-2007-2657
Remote:	Yes
Local:	No
Published:	May 13 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of this issue.
Vulnerable:	PrecisionID Barcode ActiveX 1.3
Not Vulnerable:

PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability

PrecisionID Barcode ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected.

PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.

The following exploit is available:

• /data/vulnerabilities/exploits/PrecisionID_Barcode_ActiveX_exp.txt

PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• MoAxB #12: PrecisionID Barcode ActiveX (PrecisionID_DataMatrix.DLL) 1.3 Denial o (shinnai)
  
• PrecisionID Barcode ActiveX Control Homepage (PrecisionID)