VYPR
Unrated severity · NVD Advisory · Published May 17, 2007 · Updated Apr 23, 2026

CVE-2007-2755

Description

PrecisionID Barcode 1.9 ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function in Internet Explorer 6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The PrecisionID Barcode 1.9 ActiveX control (PrecisionID_Barcode.dll) exposes a SaveToFile method that accepts a full pathname without proper validation. When Internet Explorer 6 is used, a remote attacker can invoke this method to overwrite any file on the system. The vulnerability is distinct from CVE-2007-2744 and affects all software using this control [1][2].

Exploitation

An attacker hosts a malicious web page containing an embedded ActiveX object with the vulnerable CLSID ({731766D0-8541-11DB-99C1-0050C2490048}). The page includes VBScript that calls test.SaveToFile with an arbitrary path (e.g., c:\windows\system.ini). User interaction is required—the user must click a button to trigger the exploit. The attack works on fully patched Windows XP SP2 with IE 6 [1][2].

Impact

Successful exploitation overwrites the target file with the attacker's content. The proof-of-concept overwrites system.ini, which can prevent the system from restarting, leading to denial of service. No code execution is achieved, but arbitrary file overwrite can cause system instability or data loss [1][2].

Mitigation

No official patch has been released. The vendor (PrecisionID) may have discontinued the product. As a workaround, set the kill bit for the ActiveX control's CLSID ({731766D0-8541-11DB-99C1-0050C2490048}) to prevent Internet Explorer from instantiating it. Using Internet Explorer 7 reportedly causes the browser to stop responding, but this is not a reliable mitigation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

6
