HTTP: Morovia Barcode ActiveX Control Arbitrary File Overwrite Vulnerability
This signature detects attempts to use unsafe ActiveX controls in Morovia Barcode. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Morovia Barcode ActiveX control is prone to an arbitrary-file-overwrite vulnerability. An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service conditions.
Affected Products
Morovia morovia_barcode_activex_professional
References
BugTraq: 23934
URL: http://www.morovia.com/activex/barcode-activex.asp http://support.microsoft.com/kb/240797
Short Name
HTTP:STC:ACTIVEX:MOROVIA-BARCOD
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX Arbitrary Barcode Control File Morovia Overwrite Vulnerability bid:23934
Release Date
07/26/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Morovia