CVE-2007-2238

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/34725
http://www.kb.cert.org/vuls/id/789121	US Government Resource
http://www.securityfocus.com/bid/34532	Patch
http://www.vupen.com/english/advisories/2009/1061
https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:intelligent_application_gateway_2007::sp1::::::*
	cpe:2.3:a:microsoft:intelligent_application_gateway_2007::sp1::::::*

History

No history.

Information

Published : 2009-04-16 15:12

Updated : 2024-02-04 17:33

NVD link : CVE-2007-2238

Mitre link : CVE-2007-2238

CVE.ORG link : CVE-2007-2238

JSON object : View

Products Affected

microsoft

intelligent_application_gateway_2007

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-2238", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-16T15:12:57.280", "references": [{"url": "http://secunia.com/advisories/34725", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/789121", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/34532", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1061", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos grandes a los m\u00e9todos (1) CheckForUpdates o (2) UpdateComponents."}], "lastModified": "2017-07-29T01:31:19.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADE9F62-25C2-42D3-AD6B-F42D5532C708"}, {"criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E439F6-4014-4019-A5B1-567B6D9C51B4", "versionEndIncluding": "3.7"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}