CVE-2008-2683

Published: 12/06/2008 | Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote malicious users to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.

Vulnerable Product

Black Ice Barcode SDK 5.01

Exploits

Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download and Memory Corruption url: www.blackice.com File: BIDIB.ocx Ver: 10.9.3.0 CLSID: {D2797899-BE27-4CDB-892F-4FDC26EA9BA9} Mark: RegKey Safe for Script: True RegKey Safe for In ...
<html> Blackice Cover Page SDK insecure method DownloadImageFileURL() exploit <!-- RegKey Safe for Script: True RegkeySafe for Init: True KillBitSet: False vendor: www.blackice.com/ software link: www.blackice.com/DownloadForms/downloadformimp.asp?product=Cover+Page+Generator --> <object classid='clsid:79956462-F148-49 ...
## # $Id: blackice_downloadimagefileurl.rb 12992 2011-06-21 02:51:39Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'm ...