CVE-2008-2683

Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-2683. PoCs published by Metasploit, mr_me, shinnai, including Metasploit module exploits/windows/browser/blackice_downloadimagefileurl.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in the Black Ice BIImgFrm.ocx ActiveX control (version 12.0.0.0) to achieve arbitrary file download and remote code execution via the DownloadImageFileURL method. It leverages WMI (Windows Management Instrumentation) to execute a payload on Windows systems prior to Vista.

Description

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17424

This Metasploit module exploits a vulnerability in the Black Ice BIImgFrm.ocx ActiveX control (version 12.0.0.0) to achieve arbitrary file download and remote code execution via the DownloadImageFileURL method. It leverages WMI (Windows Management Instrumentation) to execute a payload on Windows systems prior to Vista.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Black Ice BIImgFrm.ocx ActiveX Control (12.0.0.0)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mr_me · rubyremotewindows
https://www.exploit-db.com/exploits/17415

This exploit leverages an insecure method in the Black Ice Cover Page ActiveX control to download arbitrary files to a target system. The Metasploit module automates the attack by serving a malicious HTML page that triggers the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Black Ice Cover Page SDK (BIImgFrm.ocx 12.0.0.0)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by shinnai · htmlremotewindows
https://www.exploit-db.com/exploits/5750

This exploit demonstrates two vulnerabilities in Black Ice Software's Barcode SDK (BIDIB.ocx): arbitrary file download and memory corruption via the DownloadImageFileURL method. The PoC uses VBScript to trigger these issues in Internet Explorer.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Black Ice Software Barcode SDK (BIDIB.ocx) version 10.9.3.0
No auth needed
Prerequisites: Internet Explorer with ActiveX enabled · Victim interaction (clicking a button)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by shinnai · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb

This Metasploit module exploits CVE-2008-2683 by abusing the 'DownloadImageFileURL' method in the Black Ice BIImgFrm.ocx ActiveX control to download arbitrary files. It achieves remote code execution by uploading a payload and a MOF file, leveraging Windows Management Instrumentation (WMI) to execute the payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Black Ice BIImgFrm.ocx ActiveX Control (version 12.0.0.0)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled in Internet Explorer
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/46007
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30548
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17415
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5750
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1768/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42891
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8276
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8277

Scores

EPSS 0.3476
EPSS Percentile 98.2%

Details

CWE
CWE-20
Status published
Products (1)
black_ice/barcode_sdk 5.01
Published Jun 12, 2008
Tracked Since Feb 18, 2026