Vulnerabilities > CVE-2009-1212 - Arbitrary File Overwrite vulnerability in PrecisionID Data Matrix Barcode ActiveX Control

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
COMPLETE
Availability impact
NONE
network
low complexity
precisionid
exploit available
NVD
Published: 2009-04-01
Updated: 2018-10-10

Summary

Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.

Vulnerable Configurations

Part Description Count
Application
Precisionid
1

Exploit-Db

descriptionPrecisionID Datamatrix ActiveX Arbitrary File Overwrite Vuln. CVE-2009-1212. Remote exploit for windows platform
fileexploits/windows/remote/8332.txt
idEDB-ID:8332
last seen2016-02-01
modified2009-03-31
platformwindows
port
published2009-03-31
reporterDSecRG
sourcehttps://www.exploit-db.com/download/8332/
titlePrecisionID Datamatrix - ActiveX Arbitrary File Overwrite Vuln
typeremote

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34322 CVE(CAN) ID: CVE-2009-1212 PrecisionID Data Matrix是用于生成二维条码的工具。 PrecisionID所提供的DMATRIXLib.Datamatrix ActiveX控件没有正确地验证用户对SaveBarCode()和SaveEnhWMF()方式所提交的输入参数: Sub SaveBarCode ( ByVal path As String ) Sub SaveEnhWMF ( ByVal path As String ) 如果用户受骗访问了恶意网页并向上述方式传送了恶意参数的话,就可能导致向系统上任意位置写入文件。 PrecisionID Data Matrix ActiveX 临时解决方法: * 为clsid:6C951D10-B07F-11DB-A6ED-0050C2490048设置kill-bit。 厂商补丁: PrecisionID ----------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.precisionid.com/ target=_blank rel=external nofollow>http://www.precisionid.com/</a>
idSSV:4988
last seen2017-11-19
modified2009-04-02
published2009-04-02
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-4988
titlePrecisionID Data Matrix Barcode ActiveX控件任意文件覆盖漏洞

References