Luoluo

**Name of the Vulnerable Software and Affected Versions** Ourgame GLWorld version 2.6.1.29 **Description** The issue concerns multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control. This can be exploited by remote attackers to execute arbitrary code via long arguments to the (1) `hgs startGame` and (2) `hgs startNotify` methods. There have been real-world incidents where this issue was exploited, as reported in February 2008. **Recommendations** For Ourgame GLWorld version 2.6.1.29, consider disabling the `hgs startGame` and `hgs startNotify` methods as a temporary workaround until a patch is available. Restrict access to the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.