CVE-2007-2238

2009-04-1615:12:57

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-2238

buffer overflows

whale client components

activex control

microsoft iag

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.

Affected configurations

NVD

Node

microsoftintelligent_application_gateway_2007sp1

microsoftintelligent_application_gateway_2007Range≤3.7sp1

CPENameOperatorVersion
microsoft:intelligent_application_gateway_2007microsoft intelligent application gateway 2007eq*
microsoft:intelligent_application_gateway_2007microsoft intelligent application gateway 2007le3.7

CPE	Name	Operator	Version
microsoft:intelligent_application_gateway_2007	microsoft intelligent application gateway 2007	eq	*
microsoft:intelligent_application_gateway_2007	microsoft intelligent application gateway 2007	le	3.7