VYPR · NVD Advisory · Unrated severity · Published Jan 9, 2018 · Updated Aug 5, 2024

CVE-2018-5221

Description

Buffer overflow in the BarCodeWiz ActiveX control before 6.7 allows remote attackers to execute arbitrary code via a long BottomText or TopText property value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The BarCodeWiz ActiveX control (BarcodeWiz.DLL) versions before 6.7 contain multiple buffer overflow vulnerabilities in the BottomText and TopText properties. An overly long string passed to either property triggers a stack-based buffer overflow, overwriting the Structured Exception Handler (SEH) [2]. The control is marked safe for scripting and initialization, making it accessible from Internet Explorer.

Exploitation

An attacker can host a malicious web page that instantiates the ActiveX control and sets the BottomText or TopText property to a crafted long string. The user must visit the page using Internet Explorer with the vulnerable control installed. No additional authentication or privileges are required beyond normal web browsing. The overflow overwrites the SEH chain, allowing the attacker to control execution flow [2].

Impact

Successful exploitation results in arbitrary code execution in the context of the user running Internet Explorer. The attacker gains the same privileges as the user, potentially leading to full system compromise if the user has administrative rights. The vulnerability affects confidentiality, integrity, and availability.

Mitigation

The vendor released version 6.7 to address the vulnerability, and users should upgrade to BarCodeWiz 6.7 or later. No vendor workaround is available; setting the kill bit for the control or browsing with a browser other than Internet Explorer reduces exposure. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
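As an added example (not code from the advisory, NVD, or the vendor), the PowerShell below checks and, from an elevated shell, sets the Internet Explorer kill bit for an ActiveX control identified by CLSID; the BarCodeWiz control's CLSID is not given on this page, so the script uses a clearly marked placeholder that must be replaced with the value registered under HKCR\CLSID on an affected host.

```powershell
# Added example: audit/set the IE kill bit for an ActiveX control by CLSID.
# IE refuses to instantiate a control whose "Compatibility Flags" DWORD has
# bit 0x400 set under the ActiveX Compatibility key. On 64-bit Windows the
# 32-bit view (Wow6432Node) must be covered as well.

$KillBitFlag = 0x400

function Get-CompatPaths {
    param([Parameter(Mandatory)][string]$Clsid)
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    if ([Environment]::Is64BitOperatingSystem) {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    $paths
}

function Get-ActiveXKillBit {
    # Reports the current flags and whether the kill bit is set, per registry view.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($p in Get-CompatPaths -Clsid $Clsid) {
        $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $flags) { $flags = 0 }
        [pscustomobject]@{
            Path    = $p
            Flags   = ('0x{0:X}' -f $flags)
            KillBit = (($flags -band $KillBitFlag) -ne 0)
        }
    }
}

function Set-ActiveXKillBit {
    # Requires administrator rights. Adds the kill bit while preserving other flags.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($p in Get-CompatPaths -Clsid $Clsid) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        $cur = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $cur) { $cur = 0 }
        Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value ($cur -bor $KillBitFlag) -Type DWord
    }
}

# PLACEHOLDER: replace with the BarCodeWiz control's CLSID (not given in this advisory).
$Clsid = '{00000000-0000-0000-0000-000000000000}'
Get-ActiveXKillBit -Clsid $Clsid | Format-Table -AutoSize
# To apply the mitigation from an elevated prompt, uncomment:
# Set-ActiveXKillBit -Clsid $Clsid; Get-ActiveXKillBit -Clsid $Clsid
```

Run the audit function across a fleet before and after deploying the 6.7 upgrade to confirm that no host can still instantiate the pre-6.7 control from Internet Explorer.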

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
