RKD Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability exists because the BeginPrint() function that is used by the BarCodeAx.dll ActiveX control does not perform sufficient boundary checks on user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by enticing a targeted user to visit a website that is designed to pass an overly large string to the BeginPrint() function. Processing the crafted input could cause a stack-based buffer overflow, which may result in memory corruption. The attacker could leverage this memory corruption to execute arbitrary code on the system.
Proof-of-concept code that demonstrates this vulnerability is publicly available.
RKD Software has not confirmed this vulnerability, and software updates are not available.
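With no update available, a practical check is whether the control is installed on a host and whether Internet Explorer is already blocked from loading it. The PowerShell below is an added example, not code from RKD Software or from the original advisory. It assumes the control is registered machine-wide as an in-process COM server whose path contains BarCodeAx.dll (per-user registrations are not covered), and it relies on the standard Internet Explorer ActiveX kill bit (Compatibility Flags 0x400), which the advisory itself does not mention.

```powershell
# Added example: read-only audit, nothing in the registry is changed.
$dllName = 'BarCodeAx.dll'   # file name from the advisory
$killBit = 0x400             # kill bit in the "Compatibility Flags" DWORD

# Machine-wide COM registrations and the matching IE compatibility keys:
# native view first, then the 32-bit view present on 64-bit Windows.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($class in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # The default value of InprocServer32 is the path of the DLL that implements the class.
        try   { $serverKey = $class.OpenSubKey('InprocServer32') }
        catch { continue }   # key not readable with current rights
        if ($null -eq $serverKey) { continue }
        $server = [string]$serverKey.GetValue('')
        $serverKey.Close()
        if ($server -notlike "*$dllName*") { continue }

        # Look up the kill bit for this CLSID in the same registry view.
        $compatKey = Join-Path $view.Compat $class.PSChildName
        $flags = 0
        if (Test-Path -LiteralPath $compatKey) {
            $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        }
        [pscustomobject]@{
            CLSID      = $class.PSChildName
            Server     = $server
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = [bool]($flags -band $killBit)
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No machine-wide COM class backed by $dllName was found."
}
```

A row with KillBitSet equal to False marks a host where Internet Explorer can still instantiate the control from a web page.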