Lucene search

K
kasperskyKaspersky LabKLA10392
HistoryApr 16, 2009 - 12:00 a.m.

KLA10392 ACE vulnerability in Microsoft Intelligent Application Gateway

2009-04-1600:00:00
Kaspersky Lab
threats.kaspersky.com
30

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

An unspecified vulnerability was found in Microsoft IAG. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via specially designed arguments.

Original advisories

Related products

Microsoft-Intelligent-Application-Gateway

CVE list

CVE-2007-2238 critical

Solution

Update to latest version

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

  • Microsoft Intelligent Application Gateway versions 3.7 SP1 and earlier

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%