TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
916
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BITiff.ocx in Barcode SDK 5.01,
SetByteOrder() method is vulnerable to stack based buffer overflow attack. By persuading a victim to visit a specially-
crafted Web site, remote attacker could overflow a buffer and execute arbitrary code on the system with administrator
privileges or cause the application to crash. No remedy available as of July 6, 2008, user can set killbit to the clsid
2324B5B7-D3EF-464C-BB35-06EFF8F11EB3 to resolve this issue.
Signature ID: 35285
Black Ice Barcode SDK BITiff.ocx ActiveX control buffer overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2693
Signature Description: The Black Ice Barcode Reading SDK/ActiveX toolkit is a robust and efficient library 2D
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BITiff.ocx in Barcode SDK 5.01,
SetByteOrder() method is vulnerable to stack based buffer overflow attack. By persuading a victim to visit a specially-
crafted Web page containing hex encoded data, remote attacker could overflow a buffer and execute arbitrary code on
the system with administrator privileges or cause the application to crash. No remedy available as of July 6, 2008, user
can set killbit to the clsid 2324B5B7-D3EF-464C-BB35-06EFF8F11EB3 to resolve this issue.
Signature ID: 35286
Black Ice Barcode SDK BITiff.ocx ActiveX control buffer overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2693
Signature Description: The Black Ice Barcode Reading SDK/ActiveX toolkit is a robust and efficient library 2D
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BITiff.ocx in Barcode SDK 5.01,
SetByteOrder() method is vulnerable to stack based buffer overflow attack. By persuading a victim to visit a specially-
crafted Web page containing %u encoded data, remote attacker could overflow a buffer and execute arbitrary code on
the system with administrator privileges or cause the application to crash. No remedy available as of July 6, 2008, user
can set killbit to the clsid 2324B5B7-D3EF-464C-BB35-06EFF8F11EB3 to resolve this issue.
Signature ID: 35287
Black Ice Barcode SDK BITiff.ocx ActiveX control buffer overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2693
Signature Description: The Black Ice Barcode Reading SDK/ActiveX toolkit is a robust and efficient library 2D
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BITiff.ocx in Barcode SDK 5.01 is vulnerable
to stack based buffer overflow vulnerability. By persuading a victim to visit a specially-crafted Web page, remote
attacker could overflow a buffer and execute arbitrary code on the system with administrator privileges. No remedy
available as of July 6, 2008, user can set killbit to the clsid 2324B5B7-D3EF-464C-BB35-06EFF8F11EB3 to resolve
this issue.