CVE-2009-1800

Name of the Vulnerable Software and Affected Versions: Chinagames iGame 2009 versions 1.x

Description: A stack-based buffer overflow issue exists in the Chinagames CGAgent ActiveX control, allowing remote attackers to execute arbitrary code via a long argument to the CreateChinagames method. This issue has been exploited in the wild in April and May 2009.

Recommendations: For Chinagames iGame 2009 version 1.x, consider disabling the CreateChinagames method in the CGAgent ActiveX control as a temporary workaround until a patch is available. Restrict access to the CGAgent.dll module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.