CVE-2008-2283

IDAutomation Barcode Components - Arbitrary File Write via SaveBarCode and SaveEnhWMF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2283. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets multiple IDAutomation ActiveX controls by invoking their methods to save files to arbitrary locations on the system. It demonstrates a vulnerability where these controls can be abused to write files without user consent.

Description

IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/5612

View Code ZIP pw:eip

This exploit targets multiple IDAutomation ActiveX controls by invoking their methods to save files to arbitrary locations on the system. It demonstrates a vulnerability where these controls can be abused to write files without user consent.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: IDAutomation Linear BarCode, Datamatrix Barcode, PDF417 Barcode, Aztec Barcode ActiveX controls

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer · IDAutomation ActiveX controls must be installed

MITRE ATT&CK

T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42406

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29204

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5612

Various Sources x_refsource_misc

http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1210750552.ff.php&page=last

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30246

Scores

EPSS 0.0600

EPSS Percentile 92.4%

Details

CWE

CWE-20

Status published

Products (4)

idautomation/aztec_barcode 1.7.1.0

idautomation/datamatrix_barcode 1.6.0.6

idautomation/linear_barcode 1.6.0.6

idautomation/pdf417_barcode 1.6.0.6

Published May 18, 2008

Tracked Since Feb 18, 2026