Vulnerabilities > CVE-2007-3435 - Buffer Overflow vulnerability in RKD Software Barcode Activex 4.9
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow. CVE-2007-3435. Remote exploit for windows platform id EDB-ID:16565 last seen 2016-02-02 modified 2010-05-09 published 2010-05-09 reporter metasploit source https://www.exploit-db.com/download/16565/ title RKD Software BarCodeAx.dll 4.9 - ActiveX Remote Stack Buffer Overflow description BarCode ActiveX Control BarCodeAx.dll 4.9 Remote Overflow Exploit. CVE-2007-3435. Remote exploit for windows platform file exploits/windows/remote/4094.html id EDB-ID:4094 last seen 2016-01-31 modified 2007-06-22 platform windows port published 2007-06-22 reporter callAX source https://www.exploit-db.com/download/4094/ title BarCode ActiveX Control BarCodeAx.dll 4.9 - Remote Overflow Exploit type remote
Metasploit
| description | This module exploits a stack buffer overflow in RKD Software Barcode Application ActiveX Control 'BarCodeAx.dll'. By sending an overly long string to the BeginPrint method of BarCodeAx.dll v4.9, an attacker may be able to execute arbitrary code. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/BARCODE_AX49 |
| last seen | 2020-06-14 |
| modified | 2017-11-08 |
| published | 2010-02-12 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3435 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/barcode_ax49.rb |
| title | RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/86297/barcode_ax49.rb.txt |
| id | PACKETSTORM:86297 |
| last seen | 2016-12-05 |
| published | 2010-02-15 |
| reporter | patrick |
| source | https://packetstormsecurity.com/files/86297/RKD-Software-BarCodeAx.dll-v4.9-ActiveX-Remote-Stack-Buffer-Overflow.html |
| title | RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow |
References
- http://goodfellas.shellcode.com.ar/own/VULWAR200706223.txt
- http://osvdb.org/37482
- http://secunia.com/advisories/25788
- http://www.securityfocus.com/archive/1/472189/100/0/threaded
- http://www.securityfocus.com/bid/24596
- http://www.vupen.com/english/advisories/2007/2305
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35011
- https://www.exploit-db.com/exploits/4094