CVE-2013-7246

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 31, 2013
Published Date: January 30, 2014
Last Updated: August 06, 2024
Vendor: Daum
Product: DaumGame ActiveX plugin
Description: Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild: Yes (2014-01-30 18:00:00 UTC) Source

References

http://packetstormsecurity.com/files/124886 http://www.exploit-db.com/exploits/31179 https://exchange.xforce.ibmcloud.com/vulnerabilities/90588 http://blog.spiderlabs.com/2014/01/daumgame-activex-0day.html http://seclists.org/fulldisclosure/2014/Jan/132 https://www.trustwave.com/spiderlabs/advisories/TWSL2014-002.txt

Known Exploited Vulnerability Information

Source	Added Date
CVE	2014-01-30 18:00:00 UTC

Timeline

CVE ID Reserved

December 31, 2013
CVE Published to Public

January 30, 2014
Added to KEVIntel

January 30, 2014