Vulnerability CVE-2008-2683


Published: 2008-06-12   Modified: 2012-02-12

Description:
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
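The practical response on a host that still has this control registered is to stop Internet Explorer from instantiating it at all, using the ActiveX kill bit. The script below is an added example and is not from cxsecurity.com, Black Ice, or the exploit authors; it assumes only the ProgID BIDIB.BIDIBCtrl.1 named in the description, resolves the CLSID from the registry at run time rather than hard-coding one (the page does not give it), and uses the kill-bit registry location documented by Microsoft (KB240797). It also reports the backing OCX and its file version so the result can be checked against the vulnerable BIDIB.ocx 10.9.3.0 mentioned above. Run it from an elevated PowerShell prompt.

```powershell
# Added example: set the Internet Explorer kill bit for the Black Ice
# BIDIB.BIDIBCtrl.1 control (CVE-2008-2683). Not vendor code; the ProgID comes
# from the advisory, the CLSID is looked up live, and the registry paths follow
# Microsoft's kill-bit documentation (KB240797). Requires an elevated prompt.
param(
    [string]$ProgId = 'BIDIB.BIDIBCtrl.1'
)

# 1. Resolve ProgID -> CLSID via the default value of HKCR\<ProgID>\CLSID.
$progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
if (-not (Test-Path $progKey)) {
    Write-Host "ProgID $ProgId is not registered on this host; nothing to do."
    return
}
$clsid = (Get-ItemProperty -Path $progKey).'(default)'

# 2. Report the OCX that backs the control and its file version, so the host
#    can be compared against the vulnerable build (BIDIB.ocx 10.9.3.0).
$serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (Test-Path $serverKey) {
    $ocxPath = (Get-ItemProperty -Path $serverKey).'(default)'
    $ocxItem = Get-Item -Path $ocxPath -ErrorAction SilentlyContinue
    $ver = if ($ocxItem) { $ocxItem.VersionInfo.FileVersion } else { 'file not found' }
    Write-Host "CLSID $clsid -> $ocxPath (version $ver)"
}

# 3. Write Compatibility Flags = 0x400 under ActiveX Compatibility\{CLSID}.
#    IE then refuses to load the control regardless of the "safe for scripting"
#    category it registers, so a web page can no longer call DownloadImageFileURL.
function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value 0x400 -Force | Out-Null
    return $key
}

$killBitKey = Set-KillBit -Base 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' -Clsid $clsid

# On 64-bit Windows the 32-bit IE process reads the Wow6432Node view; set it too.
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    Set-KillBit -Base 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' -Clsid $clsid | Out-Null
}

# 4. Verify the bit actually landed before reporting success.
$flags = (Get-ItemProperty -Path $killBitKey).'Compatibility Flags'
if (($flags -band 0x400) -eq 0x400) {
    Write-Host "Kill bit set for $ProgId ($clsid)"
} else {
    Write-Warning "Kill bit NOT set for $ProgId ($clsid); check permissions"
}
```

The kill bit only blocks instantiation from Internet Explorer and other hosts that honour the ActiveX Compatibility flags; applications that load BIDIB.ocx directly are unaffected, so uninstalling or updating the SDK remains the complete fix.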

See advisories in our WLB2 database:

Topic | Author | Date | Severity
Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit | mr_me | 22.06.2011 | High
Black Ice Cover Page ActiveX Control Arbitrary File Download | metasploit | 22.06.2011 | High

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Black Ice -> Barcode SDK

References:
http://xforce.iss.net/xforce/xfdb/42891
http://www.vupen.com/english/advisories/2008/1768/references
http://www.osvdb.org/46007
http://www.milw0rm.com/exploits/5750
http://www.exploit-db.com/exploits/17415
http://securityreason.com/securityalert/8277
http://securityreason.com/securityalert/8276
http://secunia.com/advisories/30548

Copyright 2024, cxsecurity.com
