
HTTP Precision Data Matrix ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability by passing arguments containing more than 295 characters to the 'SaveBarCode' method of the 'PrecisionID_DataMatrix.dll' ActiveX control.

Additional Information

PrecisionID is an ActiveX control barcode library that integrates with Microsoft Access, Excel, Internet Explorer, Visual Basic, and most other Windows applications.

PrecisionID Barcode ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

This issue occurs when an excessive amount of data is passed to the 'SaveBarCode' method of the 'PrecisionID_DataMatrix.dll' library.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

The ActiveX control uses CLSID: 6C951D10-B07F-11DB-A6ED-0050C2490048.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected.
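
The check the description outlines can be approximated for HTTP response bodies as in the following added example. It is not Symantec's signature logic or code from the vendor; the function name `inspect_body`, the sample bodies and the object id `dm` are assumptions made for illustration.

```python
import re

# Values taken from the signature description above.
CLSID = "6C951D10-B07F-11DB-A6ED-0050C2490048"
METHOD = "SaveBarCode"
MAX_ARG_LEN = 295  # arguments longer than this trigger the signature

CLSID_RE = re.compile(r"clsid\s*:\s*\{?" + re.escape(CLSID), re.I)
METHOD_RE = re.compile(r"\b" + re.escape(METHOD) + r"\b", re.I)
# One quoted literal, optionally preceded by whitespace, "(" or ",".
LITERAL_RE = re.compile(
    r"[\s,(]*(?:\"((?:[^\"\\]|\\.)*)\"|'((?:[^'\\]|\\.)*)')")


def inspect_body(body):
    """Check one HTTP response body (HTML/script text) for the pattern.

    Heuristic only: it measures quoted literals that directly follow the
    method name, so arguments built at run time are not seen.
    """
    long_args = []
    for call in METHOD_RE.finditer(body):
        pos = call.end()
        while (lit := LITERAL_RE.match(body, pos)):
            value = lit.group(1) if lit.group(1) is not None else lit.group(2)
            if len(value) > MAX_ARG_LEN:  # raw length, escapes not decoded
                long_args.append(len(value))
            pos = lit.end()
    clsid_present = bool(CLSID_RE.search(body))
    return {
        "clsid_present": clsid_present,
        "long_args": long_args,
        "alert": clsid_present and bool(long_args),
    }


# Constructed sample bodies (not captured traffic); "dm" and the
# argument values are placeholders.
OBJECT_TAG = '<object id="dm" classid="clsid:%s"></object>' % CLSID
BENIGN = OBJECT_TAG + '<script>dm.SaveBarCode("label.bmp");</script>'
OVERLONG = OBJECT_TAG + '<script>dm.SaveBarCode("%s");</script>' % (
    "x" * (MAX_ARG_LEN + 1))

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, inspect_body(body))
```
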

Affected

  • PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected.

Response

Ensure that the latest version of the PrecisionID Barcode software has been installed, along with all vendor-supplied patches.
