HTTP MW6 Technologies Barcode ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a heap-based buffer-overflow vulnerability in the MW6 Technologies Barcode ActiveX Control which may result in remote code execution.

Additional Information

MW6 Technologies Barcode ActiveX is an ActiveX control used for creating device-independent barcodes.

Barcode ActiveX is prone to a heap-based buffer-overflow vulnerability. Specifically, this issue stems from a boundary condition in the 'Supplement' property of the 'Barcode.dll' ActiveX control. By passing an overly long string to the property, an attacker can trigger a heap-based buffer overflow.

The ActiveX control is identified by CLSID:

14D09688-CFA7-11D5-995A-005004CE563B

The attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Response

Download and install all vendor patches related to this vulnerability.
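
An added example, not part of the original Symantec page: a PowerShell audit that reports whether the control with the CLSID above is registered machine-wide and whether Internet Explorer's kill bit is set for it. The kill bit (`Compatibility Flags` value `0x400`) is a general ActiveX mitigation assumed here as a complement to patching; the function name `Get-ActiveXStatus` is hypothetical.

```powershell
# Added example: audit one host for the Barcode ActiveX control named in this advisory.
$Clsid   = '{14D09688-CFA7-11D5-995A-005004CE563B}'  # CLSID from the advisory
$KillBit = 0x400                                     # IE "kill bit" in Compatibility Flags

function Get-ActiveXStatus {
    param(
        [string]$Clsid,
        [Microsoft.Win32.RegistryView]$View   # Registry32 or Registry64
    )
    # Open HKLM in an explicit view so 32-bit registrations on 64-bit Windows are not missed.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        # Machine-wide COM registration of the control (per-user HKCU entries are not covered).
        $server  = $hklm.OpenSubKey("SOFTWARE\Classes\CLSID\$Clsid\InprocServer32")
        $dllPath = if ($server) { $server.GetValue('') } else { $null }

        # Kill-bit entry consulted by Internet Explorer before instantiating a control.
        $compat = $hklm.OpenSubKey(
            "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
        $flags  = if ($compat) { [int]$compat.GetValue('Compatibility Flags', 0) } else { 0 }

        [pscustomobject]@{
            View       = $View
            Registered = [bool]$server
            DllPath    = $dllPath
            Flags      = '0x{0:X}' -f $flags
            KillBitSet = (($flags -band $KillBit) -eq $KillBit)
        }
    }
    finally {
        $hklm.Dispose()
    }
}

$results = foreach ($view in 'Registry32', 'Registry64') {
    Get-ActiveXStatus -Clsid $Clsid -View $view
}
$results | Format-Table -AutoSize

# A registered control without the kill bit can still be instantiated by a web page in IE.
$exposed = $results | Where-Object { $_.Registered -and -not $_.KillBitSet }
if ($exposed) {
    Write-Warning "Control $Clsid is registered and not kill-bitted; patch or block it."
} else {
    Write-Output "Control $Clsid is not registered or is kill-bitted in both registry views."
}
```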
