PT-2007-6707 · Globallink · Glchat.Ocx+1
Publicado
2007-10-30
·
Atualizado
2017-07-29
·
CVE-2007-5722
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GLChat.ocx version 2.5.1.32 in GlobalLink version 2.7.0.8
Description
A stack-based buffer overflow issue exists in a certain ActiveX control, allowing remote attackers to execute arbitrary code via a long first argument to the
ConnectAndEnterRoom method. This issue was originally exploited in the wild in October 2007.Recommendations
For GLChat.ocx version 2.5.1.32 in GlobalLink version 2.7.0.8, consider disabling the
ConnectAndEnterRoom method as a temporary workaround until a patch is available. Restrict access to the GLCHAT.GLChatCtrl.1 control to minimize the risk of exploitation.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Glchat.Ocx
Globallink