CVE Vulnerability

CVE-2008-0647

Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
http://secunia.com/advisories/28809 Vendor Advisory
http://www.securityfocus.com/bid/27626
http://www.vupen.com/english/advisories/2008/0427
https://www.exploit-db.com/exploits/5153
Configurations

Configuration 1

cpe:2.3:a:ourgame.com:glworld:2.6.1.29:*:*:*:*:*:*:*
cpe:2.3:a:ourgame.com:hangameplugincn18_activex_control:*:*:*:*:*:*:*:*
Information

Published : 2008-02-07 09:00

Updated : 2017-09-29 01:30

NVD link : CVE-2008-0647

Mitre link : CVE-2008-0647

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer