Remote code execution in DaumGame ActiveX
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-7246 |
| CWE-ID | CWE-120 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
DaumGame Client/Desktop applications / Games |
| Vendor | DaumGame |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU6173
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-7246
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in ActiveX component. A remote attacker can create a specially crafted Web page that passes an overly long argument to the insecure IconCreate method, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update to version 1.1.0.6 or later.
Vulnerable software versionsDaumGame: 1.1.0.4 - 1.1.0.6
External linkshttp://packetstormsecurity.com/files/124886
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
