Lucene search

K
seebugRootSSV:5070
HistoryApr 21, 2009 - 12:00 a.m.

Microsoft IAG 2007 ActiveX控件栈缓冲区溢出漏洞

2009-04-2100:00:00
Root
www.seebug.org
24

0.957 High

EPSS

Percentile

99.4%

BUGTRAQ ID: 34532
CVE ID:CVE-2007-2238
CNCVE ID:CNCVE-20072238

Microsoft Intelligent Application Gateway是一款智能应用程序网关,提供SSL VPN功能。
Microsoft Whale Intelligent Application Gateway Whale客户端组件ActiveX控件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。
WhlMgr.dll文件提供的控件处理CheckForUpdates()和UpdateComponents()方法存在栈缓冲区溢出,构建恶意WEB页,诱使用户访问,可导致以应用程序权限执行任意指令。

Microsoft Intelligent Application Gateway 2007 3.7
可下载使用如下安全补丁:
Microsoft Intelligent Application Gateway 2007 3.7
Microsoft Microsoft Whale Communications Intelligent Application Gateway 2007 Service Pack 2
<a href=“http://www.microsoft.com/downloads/details.aspx?FamilyID=e69dfd1d-d333” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?FamilyID=e69dfd1d-d333</a> -4c27-9246-279ada224317&displaylang=en

0.957 High

EPSS

Percentile

99.4%