PT-2007-6707 · Globallink · Glchat.Ocx+1
Published
2007-10-30
·
Updated
2017-07-29
·
CVE-2007-5722
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GLChat.ocx version 2.5.1.32 in GlobalLink version 2.7.0.8
Description
A stack-based buffer overflow issue exists in a certain ActiveX control, allowing remote attackers to execute arbitrary code via a long first argument to the
ConnectAndEnterRoom method. This issue was originally exploited in the wild in October 2007.Recommendations
For GLChat.ocx version 2.5.1.32 in GlobalLink version 2.7.0.8, consider disabling the
ConnectAndEnterRoom method as a temporary workaround until a patch is available. Restrict access to the GLCHAT.GLChatCtrl.1 control to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Glchat.Ocx
Globallink