CVE-2008-2684

Blackice Black Ice Barcode SDK - Code Injection

Title source: rule

Description

The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/5750

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42896

[Vendor Advisory] http://secunia.com/advisories/30548

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29579

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5750

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1768/references

Scores

EPSS 0.1345

EPSS Percentile 94.2%

Details

CWE

CWE-94

Status published

Products (1)

blackice/black_ice_barcode_sdk 5.01

Published Jun 12, 2008

Tracked Since Feb 18, 2026