CVE-2018-5221

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.

Ссылки

http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/145731/BarcodeWiz-ActiveX-Control-Buffer-Overflow.html
Exploit
Third Party Advisory
VDB Entry
http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/145731/BarcodeWiz-ActiveX-Control-Buffer-Overflow.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:barcodewiz:barcode_activex_control:*:*:*:*:*:*:*:*

Версия до 6.7 (исключая)

EPSS

Процентиль: 91%

0.07231

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-9f4f-vcpj-64xm