CVE-2008-2684
Black Ice Barcode SDK 5.01 - Remote Code Execution via BIDIB.BIDIBCtrl.1 ActiveX DownloadImageFileURL Method
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-2684. PoCs published by shinnai.
AI-analyzed exploit summary: This exploit demonstrates two vulnerabilities in Black Ice Software's Barcode SDK (BIDIB.ocx): arbitrary file download and memory corruption via the DownloadImageFileURL method. The PoC uses VBScript to trigger these issues in Internet Explorer.
Description
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.