CVE-2008-2683

Black ICE Barcode SDK - Improper Input Validation

Title source: rule

Description

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb WORKING POC VERIFIED
by shinnai · html · remote · windows
https://www.exploit-db.com/exploits/5750

exploitdb WORKING POC VERIFIED
by mr_me · ruby · remote · windows
https://www.exploit-db.com/exploits/17415

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17424

metasploit WORKING POC EXCELLENT
by shinnai · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb

Scores

EPSS 0.7940
EPSS Percentile 99.1%

Classification

CWE
CWE-20
Status draft

Affected Products (1)

black_ice/barcode_sdk

Timeline

Published Jun 12, 2008
Tracked Since Feb 18, 2026