vendor:
BarCodeWiz Barcode ActiveX Control
by:
loneferret
7,5
CVSS
HIGH
SEH Overwrite
119
CWE
Product Name: BarCodeWiz Barcode ActiveX Control
Affected Version From: 3.29
Affected Version To: 3.29
Patch Exists: YES
Related CWE: N/A
CPE: a:barcodewiz:barcodewiz_barcode_activex_control
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP3 & Windows XP Home SP3, Internet Explorer 6 & Internet Explorer 7
2010
BarCodeWiz Barcode ActiveX Control 3.29 PoC (SEH)
BarCodeWiz Barcode ActiveX Control 3.29 is vulnerable to a SEH overwrite vulnerability. The vulnerability is triggered when a specially crafted argument is passed to the LoadProperties method. This causes the SEH to be overwritten with the value 0x41414141, which allows arbitrary code execution.
Mitigation:
Upgrade to the latest version of BarCodeWiz Barcode ActiveX Control.
