CVE-2008-2684

EUVD-2008-2679
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption.  NOTE: some of these details are obtained from third party information.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
blackiceblack_ice_barcode_sdk
5.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30548
http://www.securityfocus.com/bid/29579
http://www.vupen.com/english/advisories/2008/1768/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42896
https://www.exploit-db.com/exploits/5750
http://secunia.com/advisories/30548
http://www.securityfocus.com/bid/29579
http://www.vupen.com/english/advisories/2008/1768/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42896
https://www.exploit-db.com/exploits/5750