VYPR
Unrated severity · NVD Advisory · Published May 14, 2007 · Updated Apr 23, 2026

CVE-2007-2657

Description

PrecisionID Barcode ActiveX 1.3 Denial of Service via long argument to SaveBarCode method

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The PrecisionID Barcode ActiveX control (PrecisionID_DataMatrix.DLL) version 1.3 contains an unspecified vulnerability in the SaveBarCode method. An overly long string argument passed to this method causes a crash, leading to denial of service. This affects the control identified by CLSID {6C951D10-B07F-11DB-A6ED-0050C2490048} and is exploitable in any software that uses this ActiveX control, as demonstrated on Windows XP Professional SP2 with Internet Explorer 7 [1][2].

Exploitation

The attacker must host a webpage containing a crafted ActiveX control instantiation and a VBScript that calls SaveBarCode with a long string. The exploit shown uses String(304, "B") concatenated with a shellcode placeholder and then String(709, "C") as the argument. User interaction is required: the user must click a button on the page to trigger the exploit. No authentication or special network position is needed; the victim merely visits the attacker's page and clicks the button [2].

Impact

Successful exploitation results in a denial of service: the browser (or the hosting application) crashes due to a memory corruption condition. No code execution or data exfiltration is demonstrated in the available references; the impact is limited to availability (crash) [1][2].

Mitigation

No fix or updated version has been released by PrecisionID for this vulnerability as of the publication date. As the ActiveX control may be marked as unsafe for scripting, users can mitigate by disabling the control via the kill-bit or by using a browser that does not support ActiveX. The vendor's status or end-of-life is not disclosed in the references [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:precisionid_barcode:precisionid_barcode:1.3:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:precisionid_barcode:precisionid_barcode:1.3:*:*:*:*:*:*:*
    • (no CPE) range: =1.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

8
