# BarCodeWiz Barcode ActiveX Control 3.29 BoF (SEH) # Bug found: 24th July 2010 # Author: loneferret # Software: http://www.barcodewiz.com/ # Nods to exploit-db.com # Vulnerable file BarCodeWiz.dll # LoadProperties method # Tested on: Windows XP Professional SP3 with Internet Explorer 6 # [Needs adjustment for Internet Explorer 7] # Vendor contacted: 24th July 2010 # Vendor first reply: 26th July 2010: Wanting more information # Vendor contacted: 26th July 2010: Sent 2 proof of concepts files # Vendor contacted: 29 July 2010: Asked for update # No Response from vendor: 30 July 2010 # Public Release : 30 July 2010 # # Shellcode calc.exe # ----HTML FILE FROM HERE ON----- Barcodewiz 3.29