cbcvebase.
CVE-2008-0647
published 2008-02-07

CVE-2008-0647: Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka…

PriorityP265critical10CVSS 2.0
AVNACLAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
7.30%
93.6th percentile
Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.

Affected

1 ranges
VendorProductVersion rangeFixed in
ourgame.comglworld

Detection & IOCsextracted from sources · hover to see the quote

filenameHanGamePluginCn18.dll
otherHanGamePluginCn18.HanGamePluginCn18.1
commandhgs_startGame
commandhgs_startNotify
  • Detect exploitation attempts targeting the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control via calls to hgs_startGame or hgs_startNotify with abnormally long string arguments, indicative of stack-based buffer overflow exploitation.
  • This vulnerability was exploited in the wild as of February 2008; prioritize detection on systems with HanGamePluginCn18.dll present in the browser plugin path.
  • Monitor for ActiveX instantiation of the ProgID HanGamePluginCn18.HanGamePluginCn18.1 in browser processes, particularly followed by method calls with large argument buffers.
  • ·Some vulnerability details are derived from third-party sources and may not be fully verified by the primary vendor.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.