JVNDB-2008-000077

GungHo LoadPrgAx vulnerable to arbitrary Java program execution

Overview

The LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program.

LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC.

LoadPrgAx version 1,0,0,7, which addresses this vulnerability, has been distributed by the vendor since November 5, 2008.

CVSS Severity

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

GungHo Online Entertainment, Inc.
  • LoadPrgAx version 1,0,0,6 and earlier

Impact

If a user views a specially crafted HTML document (web pages or HTML email), an arbitrary Java program on the user's PC could be executed.

Solution

[Update the Software]
Update to the latest version provided by the vendor.

Vendor Information

GungHo Online Entertainment, Inc.

CWE

  1. Improper Input Validation (CWE-20) [IPA Evaluation]

CVE

  1. CVE-2008-5495

References

  1. JVN : JVN#47875752
  2. National Vulnerability Database (NVD) : CVE-2008-5495
  3. Secunia Advisory : SA32743
  4. SecurityFocus : 32318
  5. JVN iPedia (Japanese) : JVNDB-2008-000077

Revision History

  • [2008/11/19]
      Web page published