Details of VAR-200801-0367

ID

VAR-200801-0367

CVE

CVE-2008-0221

TITLE

Gateway CWebLaunchCtl ActiveX control buffer overflow

Trust: 0.8

sources: CERT/CC: VU#735441

DESCRIPTION

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. Weblaunch is prone to a directory traversal vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Gateway CWebLaunchCtl ActiveX Control "DoWebLaunch()" Vulnerabilities SECUNIA ADVISORY ID: SA28379 VERIFY ADVISORY: http://secunia.com/advisories/28379/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Gateway CWebLaunchCtl ActiveX Control 1.x http://secunia.com/product/17132/ DESCRIPTION: Some vulnerabilities have been discovered in Gateway CWebLaunchCtl ActiveX control, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the WebLaunch.WeblaunchCtl.1 ActiveX control (weblaunch.ocx) can be exploited to cause a stack-based buffer overflow by passing overly-long strings as arguments to the "DoWebLaunch()" method. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: 1) Independently discovered by: * Will Dormann, CERT/CC * Elazar 2) Elazar ORIGINAL ADVISORY: US-CERT VU#735441: http://www.kb.cert.org/vuls/id/735441 milw0rm: http://www.milw0rm.com/exploits/4869 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-0221 // CERT/CC: VU#735441 // JVNDB: JVNDB-2008-002588 // BID: 85177 // VULHUB: VHN-30346 // PACKETSTORM: 62458

AFFECTED PRODUCTS

vendor:	gateway	model:	weblaunch	scope:	eq	version:	1.0.0.1	Trust: 2.7
vendor:	gateway	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#735441 // BID: 85177 // JVNDB: JVNDB-2008-002588 // CNNVD: CNNVD-200801-149 // NVD: CVE-2008-0221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-0221
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#735441
value:	13.66
Trust: 0.8
NVD:	CVE-2008-0221
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200801-149
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-30346
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-0221
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-30346
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#735441 // VULHUB: VHN-30346 // JVNDB: JVNDB-2008-002588 // CNNVD: CNNVD-200801-149 // NVD: CVE-2008-0221

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-30346 // JVNDB: JVNDB-2008-002588 // NVD: CVE-2008-0221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-149

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200801-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002588

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-30346

PATCH

title:

Top Page

url:

http://www.gateway.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002588

EXTERNAL IDS

db:	EXPLOIT-DB	id:	4869	Trust: 2.9
db:	SECUNIA	id:	28379	Trust: 2.8
db:	NVD	id:	CVE-2008-0221	Trust: 2.8
db:	VUPEN	id:	ADV-2008-0077	Trust: 1.7
db:	CERT/CC	id:	VU#735441	Trust: 0.9
db:	JVNDB	id:	JVNDB-2008-002588	Trust: 0.8
db:	CNNVD	id:	CNNVD-200801-149	Trust: 0.7
db:	MILW0RM	id:	4869	Trust: 0.6
db:	FULLDISC	id:	20080109 GATEWAY WEBLAUNCH ACTIVEX CONTROL INSECURE METHOD	Trust: 0.6
db:	BID	id:	85177	Trust: 0.4
db:	VULHUB	id:	VHN-30346	Trust: 0.1
db:	PACKETSTORM	id:	62458	Trust: 0.1

sources: CERT/CC: VU#735441 // VULHUB: VHN-30346 // BID: 85177 // JVNDB: JVNDB-2008-002588 // PACKETSTORM: 62458 // CNNVD: CNNVD-200801-149 // NVD: CVE-2008-0221

REFERENCES

url:	http://marc.info/?l=full-disclosure&m=119984138526735&w=2	Trust: 1.9
url:	http://secunia.com/advisories/28379	Trust: 1.7
url:	https://www.exploit-db.com/exploits/4869	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0077	Trust: 1.1
url:	http://www.milw0rm.com/exploits/4869	Trust: 1.0
url:	http://secunia.com/advisories/28379/	Trust: 0.9
url:	http://milw0rm.com/exploits/4869	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0221	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0221	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/0077	Trust: 0.6
url:	http://marc.info/?l=full-disclosure&m=119984138526735&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/735441	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/17132/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#735441 // VULHUB: VHN-30346 // BID: 85177 // JVNDB: JVNDB-2008-002588 // PACKETSTORM: 62458 // CNNVD: CNNVD-200801-149 // NVD: CVE-2008-0221

CREDITS

Unknown

Trust: 0.3

sources: BID: 85177

SOURCES

db:	CERT/CC	id:	VU#735441
db:	VULHUB	id:	VHN-30346
db:	BID	id:	85177
db:	JVNDB	id:	JVNDB-2008-002588
db:	PACKETSTORM	id:	62458
db:	CNNVD	id:	CNNVD-200801-149
db:	NVD	id:	CVE-2008-0221

LAST UPDATE DATE

2025-04-10T23:03:31.794000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#735441	date:	2009-04-13T00:00:00
db:	VULHUB	id:	VHN-30346	date:	2017-09-29T00:00:00
db:	BID	id:	85177	date:	2008-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2008-002588	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200801-149	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-0221	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#735441	date:	2008-01-08T00:00:00
db:	VULHUB	id:	VHN-30346	date:	2008-01-10T00:00:00
db:	BID	id:	85177	date:	2008-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2008-002588	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	62458	date:	2008-01-10T08:17:01
db:	CNNVD	id:	CNNVD-200801-149	date:	2008-01-10T00:00:00
db:	NVD	id:	CVE-2008-0221	date:	2008-01-10T23:46:00