• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Gateway CWebLaunchCtl ActiveX Control Command Execution and Remote Buffer Overflow Vulnerability

Gateway CWebLaunchCtl ActiveX control is prone to an arbitrary-command-execution vulnerability and a buffer-overflow vulnerability.

An attacker can exploit these issues to execute arbitrary local scripts and to execute remote code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

These issues affect weblaunch.ocx 1.0.0.1 and weblaunch2.ocx, which provide the ActiveX control; other versions may also be affected.