|
[Japanese]
|
JVNDB-2008-000077
|
GungHo LoadPrgAx vulnerable to arbitrary Java program execution
|
|
LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program.
LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC.
LoadPrgAx version 1,0,0,7, which addresses this vulnerability has been distributed by the vendor since November 5, 2008.
|
|
Base Metrics:
2.6 (Low)
[IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
GungHo Online Entertainment, Inc.
- LoadPrgAx version 1,0,0,6 and earlier
|
|
If a user views a specially crafted HTML document (web pages or HTML email), an arbitrary Java program on the user's PC could be executed.
|
|
[Update the Software]
Update to the latest version provided by the vendor.
|
|
GungHo Online Entertainment, Inc.
|
|
- JVN : JVN#47875752
- National Vulnerability Database (NVD) : CVE-2008-5495
- Common Vulnerabilities and Exposures (CVE) : CVE-2008-5495
- Secunia Advisory : SA32743
- SecurityFocus : 32318
- Common Weakness Enumeration (CWE) : Insufficient Input Validation (CWE-20) [IPA Evaluation]
- JVN iPedia (Japanese) : JVNDB-2008-000077
|
|
[2008/11/19]
Web page published
|
|
| 2008/11/17 |
| 2008/11/19 |
| 2008/11/19 |
|
