CVE-2010-2932

BarCodeWiz BarCode 3.29 ActiveX Control - Buffer Overflow via LoadProperties Method


Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-2932. PoCs published by Dr_IDE, loneferret.

Description

Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Dr_IDE · html · remote · windows
https://www.exploit-db.com/exploits/14519

This exploit leverages a heap spray technique to trigger a vulnerability in Barcodewiz ActiveX control (CVE-2010-2932), leading to arbitrary code execution (calc.exe) on Windows XP SP3 with IE6/IE7. The shellcode is embedded in the HTML and executed via JavaScript manipulation of the ActiveX object.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Barcodewiz ActiveX Control 3.29
No auth needed
Prerequisites: Victim must visit a malicious webpage using IE6/IE7 on Windows XP SP3 · Barcodewiz ActiveX control must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by loneferret · html · remote · windows
https://www.exploit-db.com/exploits/14505

This exploit targets a buffer overflow vulnerability in BarCodeWiz Barcode ActiveX Control 3.29 via the LoadProperties method. It uses a SEH-based exploit with shellcode to execute calc.exe, demonstrating remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BarCodeWiz Barcode ActiveX Control 3.29
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 on Windows XP SP3 · BarCodeWiz ActiveX Control must be installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by loneferret · html · dos · windows
https://www.exploit-db.com/exploits/14504

This is a proof-of-concept exploit for CVE-2010-2932, targeting a SEH overflow vulnerability in BarCodeWiz Barcode ActiveX Control 3.29 via the LoadProperties method. The exploit uses a buffer overflow to overwrite the SEH handler, demonstrating potential for arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BarCodeWiz Barcode ActiveX Control 3.29
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42097
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40786
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14505
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60838
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14504
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14519

Scores

EPSS 0.0690
EPSS Percentile 93.2%

Details

CWE: CWE-119
Status: published
Products (1)
barcodewiz/barcode_activex_control 3.29
Published Aug 05, 2010
Tracked Since Feb 18, 2026