CVE-2008-4924

Name of the Vulnerable Software and Affected Versions BARCODELib.MW6Barcode, Barcode.dll version 3.0.0.1

Description The issue concerns insecure methods in the MW6 Technologies 1D Barcode ActiveX control, allowing remote attackers to overwrite arbitrary files. This is achieved by providing a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.

Recommendations For version 3.0.0.1, consider disabling the SaveAsBMP and SaveAsWMF methods until a patch is available to prevent remote attackers from overwriting arbitrary files. Restrict access to the Barcode.dll module to minimize the risk of exploitation. Avoid using the full pathname argument in the affected methods until the issue is resolved.