CVE-2008-0220

Gateway Weblaunch 1.0.0.1 - Stack-Based Buffer Overflow via DoWebLaunch Method

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0220. PoCs published by Elazar.

AI-analyzed exploit summary: This is a buffer overflow exploit targeting Gateway WebLaunch ActiveX controls (Weblaunch.ocx and Weblaunch2.ocx). It uses heap spraying and two Metasploit-generated shellcodes (calc.exe execution and bind shell) to achieve remote code execution.

Description

Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Elazar · html · remote · windows
https://www.exploit-db.com/exploits/4982

This is a buffer overflow exploit targeting Gateway WebLaunch ActiveX controls (Weblaunch.ocx and Weblaunch2.ocx). It uses heap spraying and two Metasploit-generated shellcodes (calc.exe execution and bind shell) to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Gateway WebLaunch ActiveX control (versions with CLSIDs 93CEA8A4-6059-4E0B-ADDD-73848153DD5E and 97BB6657-DC7F-4489-9067-51FAB9D8857E)
No auth needed
Prerequisites: Victim must visit malicious webpage · ActiveX control must be installed and vulnerable · Internet Explorer with ActiveX enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Elazar · html · remote · windows
https://www.exploit-db.com/exploits/4869

This exploit leverages an insecure method in the Gateway Weblaunch ActiveX control to execute arbitrary commands by escaping the temporary directory and launching calc.exe. The vulnerability arises from improper path handling in the DoWebLaunch method.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Gateway Weblaunch ActiveX Control version 1.0.0.1
No auth needed
Prerequisites: Victim must have the vulnerable ActiveX control installed · Victim must visit the malicious webpage using Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/735441
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4982
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27193
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0077
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4869
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119984138526735&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28379

Scores

EPSS 0.1566
EPSS Percentile 96.4%

Details

CWE: CWE-119
Status: published
Products (2):
- gateway/cweblaunchctl_activex_control 1.0.0.1
- gateway/weblaunch
Published: Jan 10, 2008
Tracked Since: Feb 18, 2026