This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempt to exploit a remote code execution vulnerability by passing specially crafted argument into vulnerable methods of Gateway CWebLaunchCtl ActiveX control.
CWebLaunchCtl is an ActiveX control provided on Gateway Computers products.
The ActiveX control is prone to a buffer-overflow vulnerability.
This issue affects the 'DoWebLaunch()' method of the ActiveX control identified by CLSID:
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
The vulnerable method may also allow attackers to execute local scripts.
weblaunch.ocx 18.104.22.168, which provides the ActiveX control, is vulnerable to this issue; other versions may also be affected.
- Gateway weblaunch.ocx CWebLaunchCtl ActiveX Control 22.214.171.124
- Gateway weblaunch2.ocx CWebLaunchCtl ActiveX Control 2.0
Download and install all vendor patches related to this vulnerability.