Lucene search

[email protected]CVE-2008-0220

HistoryJan 10, 2008 - 11:46 p.m.

CVE-2008-0220

2008-01-1023:46:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0220

stack-based buffer overflow

weblaunch

activex control

gateway weblaunch

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.342 Low

EPSS

Percentile

97.1%

JSON

Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

gatewaycweblaunchctl_activex_controlMatch1.0.0.1

gatewayweblaunch

CPENameOperatorVersion
gateway:cweblaunchctl_activex_controlgateway cweblaunchctl activex controleq1.0.0.1
gateway:weblaunchgateway weblauncheq*

CPE	Name	Operator	Version
gateway:cweblaunchctl_activex_control	gateway cweblaunchctl activex control	eq	1.0.0.1
gateway:weblaunch	gateway weblaunch	eq	*

References

marc.info/?l=full-disclosure&m=119984138526735&w=2

secunia.com/advisories/28379

www.kb.cert.org/vuls/id/735441

www.securityfocus.com/bid/27193

www.vupen.com/english/advisories/2008/0077

www.exploit-db.com/exploits/4869

www.exploit-db.com/exploits/4982

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.342 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2008-0220

cvelist1 prion1 nvd1