CVE-2008-0647

High PUBLISHED

Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld...

Ourgame · GLWorld

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
10.0 High

At a Glance

Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.

CVE Published
Feb 07, 2008
Exploitation Reported
Feb 07, 2008
CVSS
10.0 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • 28809 secunia.com · Third-Party Advisory http://secunia.com/advisories/28809
  • 5153 exploit-db.com · Exploit https://www.exploit-db.com/exploits/5153
  • 27626 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/27626
  • ADV-2008-0427 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2008/0427
  • symantec.com/enterprise/security_response/weblog/2008/02/... symantec.com · CVE Record http://www.symantec.com/enterprise/security_response/weblog/2008/02/z...

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.