
HTTP ID Auto. Linear Barcode ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability by passing overly large arguments to a method of the ID Automation Linear Barcode ActiveX control.

Additional Information

ID Automation provides an ActiveX control barcode library that integrates with Microsoft Access, Excel, Infopath, Internet Explorer, Visual Basic and C++.

ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

This issue occurs when an excessive amount of data is passed to the 'SaveEnhWMF' method of the 'IDAutomationLinear6.dll' library.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

ID Automation Linear Barcode ActiveX Control uses CLSID: 0C3874AA-AB39-4B5E-A768-45F3CE6C6819.

Affected

  • Version 1.6.0.5 is vulnerable; other versions may also be affected.

Response

Ensure that the latest version of ID Automation Linear Barcode software is installed and all available patches have been applied.
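To find hosts that still need this response, the following added example (not Symantec's or ID Automation's code) looks up the CLSID given above, reads the file version of the registered DLL, and compares it with the version listed under Affected. The kill-bit check is an addition the advisory does not mention: it reads the standard Internet Explorer "Compatibility Flags" value for the CLSID; the function and variable names are hypothetical.

```powershell
# Added example. The CLSID and version come from the advisory text;
# DllPath is expected to point at IDAutomationLinear6.dll.
$Clsid         = '{0C3874AA-AB39-4B5E-A768-45F3CE6C6819}'
$ListedVersion = [version]'1.6.0.5'
$KillBit       = 0x400   # "Compatibility Flags" bit that stops IE loading a control

function Get-BarcodeControlStatus {
    param([string]$Clsid, [version]$ListedVersion)

    # Machine-wide registrations only (per-user HKCU entries are not checked).
    # Run from 64-bit PowerShell so both registry views are visible.
    foreach ($view in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
        $serverKey = "HKLM:\$view\Classes\CLSID\$Clsid\InprocServer32"
        $compatKey = "HKLM:\$view\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path -LiteralPath $serverKey)) { continue }

        # The key's default value holds the path of the registered DLL.
        $raw  = (Get-ItemProperty -LiteralPath $serverKey).'(default)'
        $path = [Environment]::ExpandEnvironmentVariables("$raw").Trim('"')

        $version = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $version = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        }

        $flags = 0
        if (Test-Path -LiteralPath $compatKey) {
            $prop = Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int64]$prop.'Compatibility Flags' }
        }

        [pscustomobject]@{
            RegistryView         = $view
            DllPath              = $path
            FileVersion          = $version
            MatchesListedVersion = ($null -ne $version -and $version -eq $ListedVersion)
            KillBitSet           = (($flags -band $KillBit) -ne 0)
        }
    }
}

$found = @(Get-BarcodeControlStatus -Clsid $Clsid -ListedVersion $ListedVersion)
if ($found.Count -eq 0) { "Control $Clsid is not registered machine-wide on this host." }
else { $found | Format-List }
```

A result with MatchesListedVersion set to False does not mean the host is unaffected, since the advisory states that other versions may also be vulnerable.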
