CVE-2007-2744

PrecisionID Barcode 1.9 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2744. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets a Denial of Service (DoS) vulnerability in the PrecisionID Barcode ActiveX control (PrecisionID_Barcode.dll) version 1.9. It uses a buffer overflow technique by passing an overly long string to the SaveBarCode method, causing the application to crash.

Description

Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmldoswindows

https://www.exploit-db.com/exploits/3937

View Code ZIP pw:eip

This exploit targets a Denial of Service (DoS) vulnerability in the PrecisionID Barcode ActiveX control (PrecisionID_Barcode.dll) version 1.9. It uses a buffer overflow technique by passing an overly long string to the SaveBarCode method, causing the application to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: PrecisionID Barcode ActiveX 1.9 (PrecisionID_Barcode.dll)

No auth needed

Prerequisites: Internet Explorer 6 · PrecisionID Barcode ActiveX control installed

MITRE ATT&CK