CVE-2008-0221

Gateway Weblaunch - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4869

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0077

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4869

[Mailing List] http://marc.info/?l=full-disclosure&m=119984138526735&w=2

[Vendor Advisory] http://secunia.com/advisories/28379

Scores

EPSS 0.0261

EPSS Percentile 85.7%

Details

CWE

CWE-22

Status published

Products (1)

gateway/weblaunch 1.0.0.1

Published Jan 10, 2008

Tracked Since Feb 18, 2026