CVE-2008-2693
published 2008-06-13
CVE-2008-2693: Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute…
Priority P349, critical 9.3, CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 10.09% (95.1th percentile)
Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| black_ice | barcode_sdk | — | — |
No detection rules found.
Exploit-DB
Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)
exploitdb·2008-06-05
---
Black Ice Software Inc Barcode SDK (BITiff.ocx) Remote Buffer Overflow
url: http://www.blackice.com
File : BITiff.ocx
Ver. : 10.9.3.0
CLSID: {2324B5B7-D3EF-464C-BB35-06EFF8F11EB3}
Mark.: RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will not be responsible for any damage.
Windows XP Professional SP3 fully patched, with Internet Explorer 7
In memory of rgod
Sub tryMe
buff = String(260, "A")
get_EIP = unescape("%EB%BA%3F%7E")
nop = String(12, unescape("%90"))
shellcode = unescape("%eb%03%59%eb%05%e8%
Exploit-DB
Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)
exploitdb·2008-06-05
---
Black Ice Software Inc Barcode SDK (BITiff.ocx) Remote Buffer Overflow
url: http://www.blackice.com
File : BITiff.ocx
Ver. : 10.9.3.0
CLSID: {2324B5B7-D3EF-464C-BB35-06EFF8F11EB3}
Mark.: RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: False
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will not be responsible for any damage.
Windows XP Professional SP3 fully patched, with Internet Explorer 7
Windows 2k Professional SP4 fully patched, with Internet Explorer 6
In memory of rgod
var shellcode = unescape( "%uE860%u0000%u0000%u815D%u06ED%u0000%u8A00%u1285%u00
No writeups or analysis indexed.
http://secunia.com/advisories/30548
https://exchange.xforce.ibmcloud.com/vulnerabilities/42897
https://www.exploit-db.com/exploits/5746
https://www.exploit-db.com/exploits/5747
Published 2008-06-13