CVE-2008-0647

{"id": "CVE-2008-0647", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-02-07T21:00:00.000", "references": [{"url": "http://secunia.com/advisories/28809", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27626", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0427", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5153", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el ActiveX HanGamePluginCn18.HanGamePluginCn18.1 en HanGamePluginCn18.dll de Ourgame GLWorld 2.6.1.29 (tambi\u00e9n conocido como Lianzong Game Platform) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos largos en los m\u00e9todos (1) hgs_startGame y (2) hgs_startNotify, tal y como se realiza en exploits p\u00fablicos desde Febrero del 2008. NOTA: alguno de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "lastModified": "2017-09-29T01:30:23.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ourgame.com:glworld:2.6.1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D79D063-2064-4051-B625-880DCA7CBC3C"}, {"criteria": "cpe:2.3:a:ourgame.com:hangameplugincn18_activex_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6BC51D6-5ECB-45B2-B819-E62613A26483"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}