CVE-2007-5722

High PUBLISHED

Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly...

Ourgame · GLWorld

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
7.5 High

At a Glance

Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the GLCHAT.GLChatCtrl.1 control, as originally exploited in the wild in October 2007. NOTE: some of these details are obtained from third party information. NOTE: this was originally reported as a heap-based issue by some sources.

CVE Published
Oct 30, 2007
Exploitation Reported
Oct 30, 2007
CVSS
7.5 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • 27500 secunia.com · Third-Party Advisory http://secunia.com/advisories/27500
  • ourgame-glworld-glchatctrl-bo(38222) exchange.xforce.ibmcloud.com · VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/38222
  • 26244 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/26244
  • 38837 osvdb.org · VDB Entry http://osvdb.org/38837

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.