Sign-up

ID

VAR-200801-0366


CVE

CVE-2008-0220


TITLE

Gateway CWebLaunchCtl ActiveX control buffer overflow

Trust: 0.8

sources: CERT/CC: VU#735441

DESCRIPTION

Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. Gateway CWebLaunchCtl ActiveX control is prone to an arbitrary-command-execution vulnerability and a buffer-overflow vulnerability. Failed attacks will likely cause denial-of-service conditions. These issues affect weblaunch.ocx 1.0.0.1 and weblaunch2.ocx, which provide the ActiveX control; other versions may also be affected. Gateway is a well-known computer brand in the United States, and its products include PCs, notebooks, peripherals, etc. If the user is tricked into visiting a malicious web page and passing an extra long parameter or a specific command string to the function, it may Causes arbitrary commands to be executed on the system. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Gateway CWebLaunchCtl ActiveX Control "DoWebLaunch()" Vulnerabilities SECUNIA ADVISORY ID: SA28379 VERIFY ADVISORY: http://secunia.com/advisories/28379/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Gateway CWebLaunchCtl ActiveX Control 1.x http://secunia.com/product/17132/ DESCRIPTION: Some vulnerabilities have been discovered in Gateway CWebLaunchCtl ActiveX control, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are confirmed in version 1.0. PROVIDED AND/OR DISCOVERED BY: 1) Independently discovered by: * Will Dormann, CERT/CC * Elazar 2) Elazar ORIGINAL ADVISORY: US-CERT VU#735441: http://www.kb.cert.org/vuls/id/735441 milw0rm: http://www.milw0rm.com/exploits/4869 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-0220 // CERT/CC: VU#735441 // JVNDB: JVNDB-2008-002587 // BID: 27193 // VULHUB: VHN-30345 // PACKETSTORM: 62458

AFFECTED PRODUCTS

vendor:gatewaymodel:cweblaunchctl activex controlscope:eqversion:1.0.0.1

Trust: 2.4

vendor:gatewaymodel:weblaunchscope: - version: -

Trust: 1.4

vendor:gatewaymodel:weblaunchscope:eqversion:*

Trust: 1.0

vendor:gatewaymodel: - scope: - version: -

Trust: 0.8

vendor:gatewaymodel:weblaunch2.ocx cweblaunchctl activex controlscope:eqversion:2.0

Trust: 0.3

vendor:gatewaymodel:weblaunch.ocx cweblaunchctl activex controlscope:eqversion:1.0.0.1

Trust: 0.3

sources: CERT/CC: VU#735441 // BID: 27193 // JVNDB: JVNDB-2008-002587 // CNNVD: CNNVD-200801-148 // NVD: CVE-2008-0220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0220
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#735441
value: 13.66

Trust: 0.8

NVD: CVE-2008-0220
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200801-148
value: HIGH

Trust: 0.6

VULHUB: VHN-30345
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0220
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30345
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#735441 // VULHUB: VHN-30345 // JVNDB: JVNDB-2008-002587 // CNNVD: CNNVD-200801-148 // NVD: CVE-2008-0220

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-30345 // JVNDB: JVNDB-2008-002587 // NVD: CVE-2008-0220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-148

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200801-148

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002587

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-30345

PATCH
title:Top Pageurl:http://www.gateway.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002587

EXTERNAL IDS
db:CERT/CCid:VU#735441
Trust: 3.4
db:SECUNIAid:28379
Trust: 2.8
db:NVDid:CVE-2008-0220
Trust: 2.8
db:EXPLOIT-DBid:4869
Trust: 2.6
db:BIDid:27193
Trust: 2.0
db:VUPENid:ADV-2008-0077
Trust: 1.7
db:EXPLOIT-DBid:4982
Trust: 1.7
db:JVNDBid:JVNDB-2008-002587
Trust: 0.8
db:NSFOCUSid:11372
Trust: 0.6
db:FULLDISCid:20080109 GATEWAY WEBLAUNCH ACTIVEX CONTROL INSECURE METHOD
Trust: 0.6
db:MILW0RMid:4869
Trust: 0.6
db:MILW0RMid:4982
Trust: 0.6
db:CNNVDid:CNNVD-200801-148
Trust: 0.6
db:VULHUBid:VHN-30345
Trust: 0.1
db:PACKETSTORMid:62458
Trust: 0.1
sources:
            
            
            CERT/CC: VU#735441 // 
            
            
            
            VULHUB: VHN-30345 // 
            
            
            
            BID: 27193 // 
            
            
            
            JVNDB: JVNDB-2008-002587 // 
            
            
            
            PACKETSTORM: 62458 // 
            
            
            
            CNNVD: CNNVD-200801-148 // 
            
            
            
            NVD: CVE-2008-0220

REFERENCES
url:http://www.kb.cert.org/vuls/id/735441
Trust: 2.6
url:http://www.securityfocus.com/bid/27193
Trust: 1.7
url:http://secunia.com/advisories/28379
Trust: 1.7
url:http://marc.info/?l=full-disclosure&m=119984138526735&w=2
Trust: 1.6
url:https://www.exploit-db.com/exploits/4869
Trust: 1.1
url:https://www.exploit-db.com/exploits/4982
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/0077
Trust: 1.1
url:http://secunia.com/advisories/28379/
Trust: 0.9
url:http://milw0rm.com/exploits/4869
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0220
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0220
Trust: 0.8
url:http://www.milw0rm.com/exploits/4869
Trust: 0.7
url:http://www.milw0rm.com/exploits/4982
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0077
Trust: 0.6
url:http://www.nsfocus.net/vulndb/11372
Trust: 0.6
url:http://www.gateway.com/
Trust: 0.3
url:http://support.microsoft.com/kb/240797
Trust: 0.3
url:http://marc.info/?l=full-disclosure&m=119984138526735&w=2
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/17132/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#735441 // 
            
            
            
            VULHUB: VHN-30345 // 
            
            
            
            BID: 27193 // 
            
            
            
            JVNDB: JVNDB-2008-002587 // 
            
            
            
            PACKETSTORM: 62458 // 
            
            
            
            CNNVD: CNNVD-200801-148 // 
            
            
            
            NVD: CVE-2008-0220

CREDITS
Elazar Broad  elazarb@earthlink.net
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200801-148

SOURCES
db:CERT/CCid:VU#735441
db:VULHUBid:VHN-30345
db:BIDid:27193
db:JVNDBid:JVNDB-2008-002587
db:PACKETSTORMid:62458
db:CNNVDid:CNNVD-200801-148
db:NVDid:CVE-2008-0220

LAST UPDATE DATE
2025-04-10T23:03:31.752000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#735441date:2009-04-13T00:00:00
db:VULHUBid:VHN-30345date:2017-09-29T00:00:00
db:BIDid:27193date:2015-05-07T17:33:00
db:JVNDBid:JVNDB-2008-002587date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200801-148date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0220date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CERT/CCid:VU#735441date:2008-01-08T00:00:00
db:VULHUBid:VHN-30345date:2008-01-10T00:00:00
db:BIDid:27193date:2008-01-08T00:00:00
db:JVNDBid:JVNDB-2008-002587date:2012-06-26T00:00:00
db:PACKETSTORMid:62458date:2008-01-10T08:17:01
db:CNNVDid:CNNVD-200801-148date:2008-01-10T00:00:00
db:NVDid:CVE-2008-0220date:2008-01-10T23:46:00