1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Gateway CWebLaunchCtl ActiveX File Overwrite

HTTP Gateway CWebLaunchCtl ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a remote code execution vulnerability by passing specially crafted argument into vulnerable methods of Gateway CWebLaunchCtl ActiveX control.

Additional Information

CWebLaunchCtl is an ActiveX control provided on Gateway Computers products.

The ActiveX control is prone to a buffer-overflow vulnerability.

This issue affects the 'DoWebLaunch()' method of the ActiveX control identified by CLSID:
{93CEA8A4-6059-4E0B-ADDD-73848153DD5E}.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The vulnerable method may also allow attackers to execute local scripts.

weblaunch.ocx 1.0.0.1, which provides the ActiveX control, is vulnerable to this issue; other versions may also be affected.

Affected

  • Gateway weblaunch.ocx CWebLaunchCtl ActiveX Control 1.0.0.1
  • Gateway weblaunch2.ocx CWebLaunchCtl ActiveX Control 2.0

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube