TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
TITLE: TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 04:59AM
CREDIT: shinnai is credited with the discovery of this vulnerability.
VULNERABLE:
TEC-IT TBarCode OCX 0
NOT VULNERABLE:
Go to the original page on Security Focus
Discussion
TBarCode ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.
The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Exploit
The following proof-of-concept exploit is available:
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- Bar Code Tools for Microsoft Windows (TEC-IT)
- Microsoft Knowledge Base article 240797 (Microsoft)