CVE-2013-7246

EXPLOITED IN THE WILD

DaumGame ActiveX <1.1.0.5 - RCE

Title source: llm

Description

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trustwave's SpiderLabs · htmlremotewindows

https://www.exploit-db.com/exploits/31179

View Code ZIP pw:eip

References (6)

[Exploit] http://blog.spiderlabs.com/2014/01/daumgame-activex-0day.html

[Exploit] http://packetstormsecurity.com/files/124886

[Mailing List] http://seclists.org/fulldisclosure/2014/Jan/132

[Exploit] http://www.exploit-db.com/exploits/31179

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90588

[Exploit] https://www.trustwave.com/spiderlabs/advisories/TWSL2014-002.txt

Scores

EPSS 0.3367

EPSS Percentile 97.0%

Details

VulnCheck KEV 2014-01-30

InTheWild.io 2017-08-29

CWE

CWE-119

Status published

Products (2)

daum_communications/daumgame_activex_control 1.1.0.4

daum_communications/daumgame_activex_control 1.1.0.5

Published Jan 30, 2014

Tracked Since Feb 18, 2026