cbcvebase.
CVE-2007-5722
published 2007-10-30

CVE-2007-5722: Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products…

PriorityP265high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
11.70%
95.5th percentile
Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the GLCHAT.GLChatCtrl.1 control, as originally exploited in the wild in October 2007. NOTE: some of these details are obtained from third party information. NOTE: this was originally reported as a heap-based issue by some sources.

Detection & IOCsextracted from sources · hover to see the quote

filenameC:\Program Files\GlobalLink\Game\Share\GLChat.ocx
otherAE93C5DF-A990-11D1-AEBD-5254ABDD2B69
commandConnectAndEnterRoom
otherGLCHAT.GLChatCtrl.1
  • Monitor for instantiation of the vulnerable ActiveX control via its CLSID AE93C5DF-A990-11D1-AEBD-5254ABDD2B69 (ProgID: GLCHAT.GLChatCtrl.1) in browser or script contexts, which is the attack vector for this exploit.
  • Detect calls to the ConnectAndEnterRoom method on GLChat.ocx with an abnormally long first argument, indicative of a stack-based buffer overflow attempt.
  • The in-the-wild exploit drops a malicious executable from http://pic.16.vg/S368/S3682.exe; monitor for outbound HTTP requests to this URL or the domain pic.16.vg.
  • ·The vulnerability was originally reported as heap-based by some sources but is confirmed stack-based; detection rules should account for stack-based overflow patterns in GLChat.ocx.
  • ·The affected file GLChat.ocx version 2.5.1.32 is used in GlobalLink 2.7.0.8 and possibly other products (e.g., Ourgame GLWorld); the CLSID and ProgID may appear in multiple product installations.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.