Published:2008/11/17  Last Updated:2008/11/19

GungHo LoadPrgAx vulnerable to arbitrary Java program execution


LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program.

Products Affected

  • LoadPrgAx version 1,0,0,6 and earlier


LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a vulnerability that allows an attacker to execute an arbitrary Java program that resides on a user's PC.


If a user views a specially crafted HTML document (web pages or HTML email), an arbitrary Java program on the user's PC could be executed.


Update the Software
Update to the latest version provided by the vendor.

Vendor Status

Vendor Link
GungHo Online Entertainment, Inc. Security update for ActiveX control (program)


JPCERT/CC Addendum

LoadPrgAx version 1,0,0,7, which addresses this vulnerability has been distributed by the vendor since November 5, 2008.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.11.17

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Medium
Exploit Complexity Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Medium-High

Description of each analysis measures


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2008-5495
JVN iPedia JVNDB-2008-000077

Update History