----------------------------------------------------------------------

TITLE:
Black Ice Barcode SDK Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA30548

VERIFY ADVISORY:
http://secunia.com/advisories/30548/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Black Ice Barcode SDK 5.x
http://secunia.com/product/18992/

DESCRIPTION:
shinnai has discovered some vulnerabilities in Black Ice Barcode SDK,
which can be exploited by malicious people to compromise a user's
system.

1) The BIDIB.BIDIBCtrl.1 ActiveX control (BIDIB.ocx) includes the
insecure "DownloadImageFileURL()" method, which can be exploited to
download an arbitrary file to an arbitrary location on a vulnerable
system when a user e.g. visits a malicious website.

2) An error in the BIDIB.BIDIBCtrl.1 ActiveX control when handling the
"DownloadImageFileURL()" method can be exploited to cause a memory
corruption via overly long arguments.

Successful exploitation allows execution of arbitrary code.

3) A boundary error in the BITIFF.BITiffCtrl.1 ActiveX control
(BITiff.ocx) when handling the "SetByteOrder()" method can be
exploited to cause a stack-based buffer overflow via overly long
arguments.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are confirmed in Black Ice Barcode SDK version
5.01. Other versions may also be affected.

SOLUTION:
Set the kill-bit for the affected ActiveX controls.
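As an added example (not part of the Secunia advisory), the following PowerShell script applies the recommended mitigation: it resolves the CLSID of each control named above from its ProgID in HKEY_CLASSES_ROOT and sets the Internet Explorer kill-bit (Compatibility Flags 0x400, see Microsoft KB240797) in both the native and Wow6432Node ActiveX Compatibility keys. It assumes an elevated prompt on the machine where the controls are registered; no CLSID is hard-coded because the advisory does not list them.

```powershell
# Added example: kill-bit the two Black Ice ActiveX controls from the advisory.
# Must run elevated. 0x400 is the documented kill-bit flag (KB240797).
$progIds = @('BIDIB.BIDIBCtrl.1', 'BITIFF.BITiffCtrl.1')

# IE reads kill-bits from these keys; the Wow6432Node view exists only on 64-bit Windows.
$compatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($progId in $progIds) {
    # HKCR\<ProgID>\CLSID stores the control's CLSID (with braces) in its default value.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$progId\CLSID"
    if (-not (Test-Path $clsidKey)) {
        Write-Warning "$progId is not registered on this host; skipping"
        continue
    }
    $clsid = (Get-ItemProperty -Path $clsidKey).'(default)'

    foreach ($base in $compatKeys) {
        if (-not (Test-Path $base)) { continue }   # no Wow6432Node on 32-bit Windows
        $target = Join-Path $base $clsid
        if (-not (Test-Path $target)) { New-Item -Path $target -Force | Out-Null }

        # OR the kill-bit into any flags already present instead of overwriting them.
        $current = (Get-ItemProperty -Path $target -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = [int]($current -bor 0x400)
        New-ItemProperty -Path $target -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null

        # Read the value back so the change is verified, not assumed.
        $check = (Get-ItemProperty -Path $target).'Compatibility Flags'
        if (($check -band 0x400) -eq 0x400) {
            Write-Output "kill-bit set for $progId ($clsid) under $base"
        } else {
            Write-Error "failed to set kill-bit for $progId ($clsid) under $base"
        }
    }
}
```

Setting the kill-bit stops Internet Explorer from instantiating the controls but leaves the OCX files in place; the same registry change can be pushed through Group Policy Preferences for a fleet.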
PROVIDED AND/OR DISCOVERED BY:
shinnai

ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/5746
http://www.milw0rm.com/exploits/5747
http://www.milw0rm.com/exploits/5750

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------