GLWorld.HanGamePluginCN18.ActiveX

NameGLWorld.HanGamePluginCN18.ActiveX.Control.Access
Last Updated DateDec 02, 2008
Release DateFeb 06, 2008
SeverityCritical
ImpactSystem Compromise: remote attackers can gain control of vulnerable systems.
DescriptionThis indicates an attempt to exploit a buffer overflow vulnerability in the Lianzong ActiveX control, part of a Chinese gaming platform.

The ActiveX control (CLSID:61F5C358-60FB-4A23-A312-D2B556620F20) is vulnerable to a buffer overflow attack through the "hgs_startgame()" and "hgs_startnotify()" functions. By passing an overly long string, a remote attacker can execute arbitrary code on vulnerable computers.
Affected ProductsGLWORLD.2.8.1.2.beta.
Recommended ActionsUpgrade to latest version when available, or set the kill bit for the vulnerable ActiveX control.
Common Vulnerabilities and Exposures (CVE)http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0647
Reference/shttp://www.securityfocus.com/bid/27626 (BugTraq)
http://www.vupen.com/english/advisories/2008/0427 (FrSIRT)
http://blog.trendmicro.com/targeted-attack-against-chinese-gamers-in-new-zero-day-exploit/
http://milw0rm.org/exploits/5153
http://www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
Reference: VID-15387