Update Protection against MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow
| Check Point Reference: | CPAI-2009-035 |
| Date Published: | |
| Severity: | |
| Source: | Secunia Advisory: SA33663 |
| Industry Reference(s): | CVE-2009-0298 |
| Protection Provided by: | IPS-1 |
| Who is Vulnerable? | |
Vulnerability Description
A buffer overflow vulnerability was reported in Barcode, a software product provided by MW6 Technologies. The vulnerability is due to a boundary error while processing user input. A remote attacker can exploit this vulnerability by convincing the user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution in the security context of the logged-in user.
Vulnerability Details
As part of its software, MW6 Technologies includes various ActiveX controls that are used to process the barcode data. One of these ActiveX controls is barcode.dll. A heap overflow vulnerability exists in the barcode.dll control, specifically in the processing of the Supplement property: an overly long string assigned to the "Supplement" property causes a heap-based buffer overflow.
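The pattern described above can be checked for in captured HTML. The following is an added example, not Check Point's signature or code from the advisory: it flags pages that instantiate the control and assign an overly long or runtime-built value to Supplement. The CLSID is a placeholder (the advisory does not list it), and the length threshold and all names are assumptions.

```python
import re
from html.parser import HTMLParser

# Placeholder: the advisory does not give the control's CLSID; substitute the real one.
CONTROL_CLSID = "00000000-0000-0000-0000-000000000000"
MAX_SUPPLEMENT_LEN = 32  # assumed threshold, tune for your environment

# Matches obj.Supplement = "literal"  or  obj.Supplement = someVariable
ASSIGN_RE = re.compile(
    r"\.Supplement\s*=\s*(?:(['\"])(.*?)\1|([A-Za-z_$][\w$]*))", re.I | re.S)

class SupplementScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.loads_control, self._in_script = [], False, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and CONTROL_CLSID.lower() in a.get("classid", "").lower():
            self.loads_control = True
        elif tag == "param" and a.get("name", "").lower() == "supplement":
            self._check_len("param", len(a.get("value", "")))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        for m in ASSIGN_RE.finditer(data if self._in_script else ""):
            if m.group(3):
                # Length is unknown statically; flag for manual review.
                self.findings.append(("script", "non-literal value"))
            else:
                self._check_len("script", len(m.group(2)))

    def _check_len(self, where, n):
        if n > MAX_SUPPLEMENT_LEN:
            self.findings.append((where, f"{n}-char value"))

def scan(html):
    s = SupplementScanner()
    s.feed(html)
    s.close()
    # Report only pages that actually instantiate the control.
    return s.findings if s.loads_control else []

# Constructed samples (not from the advisory).
BENIGN = f'<object classid="clsid:{CONTROL_CLSID}"><param name="Supplement" value="12345"></object>'
SUSPECT = (f'<object id="bc" classid="clsid:{CONTROL_CLSID}"></object>'
           '<script>bc.Supplement = "' + "A" * 2000 + '";</script>')
```

`scan()` returns an empty list for `BENIGN` and one finding for `SUSPECT`; a literal concatenated with a variable is only measured by its literal part, so treat a clean result as a first-pass filter.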
Protection Overview
By enabling this protection, IPS-1 will detect and block attempts to access the MW6 Technologies Barcode.dll ActiveX control.
To configure the defense, select your product from the list below and follow the related protection steps.