CVE-2013-7246 Information

Description

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string as exploited in the wild in January 2014.

Reference

http://blog.spiderlabs.com/2014/01/daumgame-activex-0day.html http://packetstormsecurity.com/files/124886 http://seclists.org/fulldisclosure/2014/Jan/132 http://www.exploit-db.com/exploits/31179 https://exchange.xforce.ibmcloud.com/vulnerabilities/90588 https://www.trustwave.com/spiderlabs/advisories/TWSL2014-002.txt