CVE-2007-2755

PrecisionID Barcode 1.9 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2755. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages an arbitrary file overwrite vulnerability in the PrecisionID Barcode ActiveX control (PrecisionID_Barcode.dll) via the SaveToFile method. It overwrites the system.ini file, potentially causing system instability or denial of service.

Description

The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/3938

View Code ZIP pw:eip

This exploit leverages an arbitrary file overwrite vulnerability in the PrecisionID Barcode ActiveX control (PrecisionID_Barcode.dll) via the SaveToFile method. It overwrites the system.ini file, potentially causing system instability or denial of service.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: PrecisionID Barcode ActiveX 1.9 (PrecisionID_Barcode.dll)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 · ActiveX control must be installed and accessible

MITRE ATT&CK