Check Point Advisories

Update Protection against MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow

Check Point Reference: CPAI-2009-035
Date Published: 30 Jan 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33663
Industry Reference: CVE-2009-0298
Protection Provided by:
Who is Vulnerable?
Vulnerability Description

A buffer overflow vulnerability was reported in Barcode, software provided by MW6 Technologies. The vulnerability is due to a boundary error while processing user input. A remote attacker can exploit this vulnerability by convincing a user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution in the security context of the logged-in user.
Vulnerability Details

As part of its software, MW6 Technologies includes various ActiveX controls that are used to process barcode data. One of these ActiveX controls is barcode.dll. A heap overflow vulnerability exists in the barcode.dll control, in the processing of the Supplement property: assigning an overly long string to the "Supplement" property causes a heap-based buffer overflow.

Protection Overview
