TITLE:
Gateway CWebLaunchCtl ActiveX Control "DoWebLaunch()" Vulnerabilities

SECUNIA ADVISORY ID:
SA28379

VERIFY ADVISORY:
http://secunia.com/advisories/28379/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Gateway CWebLaunchCtl ActiveX Control 1.x
http://secunia.com/product/17132/

DESCRIPTION:
Some vulnerabilities have been discovered in Gateway CWebLaunchCtl
ActiveX control, which can be exploited by malicious people to
compromise a vulnerable system.

1) A boundary error in the WebLaunch.WeblaunchCtl.1 ActiveX control
(weblaunch.ocx) can be exploited to cause a stack-based buffer
overflow by passing overly long strings as arguments to the
"DoWebLaunch()" method.

2) The WebLaunch.WeblaunchCtl.1 ActiveX control includes the insecure
"DoWebLaunch()" method, which can be exploited to execute arbitrary
commands on the vulnerable system.

The vulnerabilities are confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Set the kill-bit for the affected ActiveX control.

PROVIDED AND/OR DISCOVERED BY:
1) Independently discovered by:
* Will Dormann, CERT/CC
* Elazar
2) Elazar

ORIGINAL ADVISORY:
US-CERT VU#735441:
http://www.kb.cert.org/vuls/id/735441

milw0rm:
http://www.milw0rm.com/exploits/4869

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
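
One way to apply the SOLUTION above, as an added example that is not part of the Secunia advisory. It assumes the control is registered on the host, so that its CLSID can be resolved from the ProgID WebLaunch.WeblaunchCtl.1 given in the description; the function names are hypothetical.

```powershell
# Added example, not from the advisory. Run from an elevated PowerShell prompt.
$ProgId  = 'WebLaunch.WeblaunchCtl.1'  # ProgID named in the advisory
$KillBit = 0x400                       # "Compatibility Flags" bit that stops IE loading a control

function Get-ClsidFromProgId {         # hypothetical helper name
    param([string]$Name)
    # HKCR\<ProgID>\CLSID stores the class ID in its default value
    $key = "Registry::HKEY_CLASSES_ROOT\$Name\CLSID"
    if (Test-Path $key) { (Get-Item $key).GetValue('') }
}

function Set-KillBit {                 # hypothetical helper name
    param([string]$Clsid)
    # Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
        $path = Join-Path $root $Clsid
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }

        # Preserve any flags already present and OR in the kill bit
        $old = (Get-ItemProperty -Path $path).'Compatibility Flags'
        if ($null -eq $old) { $old = 0 }
        $new = $old -bor $KillBit
        New-ItemProperty -Path $path -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null

        '{0}: 0x{1:X8} -> 0x{2:X8}' -f $path, $old, $new
    }
}

$clsid = Get-ClsidFromProgId $ProgId
if ($clsid) {
    Set-KillBit $clsid
} else {
    Write-Warning "$ProgId is not registered on this host; no CLSID to set a kill bit for."
}
```

The kill bit only stops Internet Explorer from instantiating the control; weblaunch.ocx stays on disk and registered.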