CVE-2008-3209

Black Ice Document Imaging SDK 10.95 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3209. PoCs published by r0ut3r.

AI-analyzed exploit summary This is a DoS proof-of-concept exploit for CVE-2008-3209, targeting a buffer overflow in the Black Ice Document Imaging SDK (biimgfrm.ocx). The exploit triggers a crash by passing an overly long string to the GetNumberOfImagesInGifFile method.

Description

Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · htmldoswindows

https://www.exploit-db.com/exploits/6083

View Code ZIP pw:eip

This is a DoS proof-of-concept exploit for CVE-2008-3209, targeting a buffer overflow in the Black Ice Document Imaging SDK (biimgfrm.ocx). The exploit triggers a crash by passing an overly long string to the GetNumberOfImagesInGifFile method.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Black Ice Document Imaging SDK 10.95

No auth needed

Prerequisites: Victim must open the malicious HTML file in a browser with the vulnerable OCX registered

MITRE ATT&CK