CVE-2013-7246

EXPLOITED IN THE WILD

DaumGame ActiveX Control 1.1.0.4 and 1.1.0.5 - Buffer Overflow via IconCreate Method

Title source: llm

Exploitation Summary

CVE-2013-7246 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Trustwave's SpiderLabs.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2013-7246, demonstrating a buffer overflow vulnerability in DaumGame ActiveX (versions 1.1.0.5 and 1.1.0.4) via the 'IconCreate' method. The exploit triggers an SEH overwrite to achieve remote code execution by launching a calculator.

Description

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trustwave's SpiderLabs · htmlremotewindows

https://www.exploit-db.com/exploits/31179

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2013-7246, demonstrating a buffer overflow vulnerability in DaumGame ActiveX (versions 1.1.0.5 and 1.1.0.4) via the 'IconCreate' method. The exploit triggers an SEH overwrite to achieve remote code execution by launching a calculator.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DaumGame ActiveX 1.1.0.5, 1.1.0.4

No auth needed

Prerequisites: Victim must have vulnerable DaumGame ActiveX installed · Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK