CVE-2008-0647

Name of the Vulnerable Software and Affected Versions Ourgame GLWorld version 2.6.1.29

Description The issue concerns multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control. This can be exploited by remote attackers to execute arbitrary code via long arguments to the (1) hgs startGame and (2) hgs startNotify methods. There have been real-world incidents where this issue was exploited, as reported in February 2008.

Recommendations For Ourgame GLWorld version 2.6.1.29, consider disabling the hgs startGame and hgs startNotify methods as a temporary workaround until a patch is available. Restrict access to the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.