CVE-2008-2684

Current Description

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.

Basic Data

Published: June 12, 2008
Last Modified: September 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Blackice
    Product: Black Ice Barcode Sdk
    Version: 5.01
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including: (empty)
    Version End Including: (empty)
    Version Start Excluding: (empty)
    Version End Excluding: (empty)

Vulnerable Software List

Vendor | Product | Versions
Blackice | Black Ice Barcode Sdk | 5.01

References

Name | Source | URL | Tags
30548 | SECUNIA | http://secunia.com/advisories/30548 | Vendor Advisory
29579 | BID | http://www.securityfocus.com/bid/29579 |
ADV-2008-1768 | VUPEN | http://www.vupen.com/english/advisories/2008/1768/references |
barcode-bidib-code-execution(42896) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/42896 |
5750 | EXPLOIT-DB | https://www.exploit-db.com/exploits/5750 |