Sign-up

ID

VAR-200904-0565


CVE

CVE-2007-2238


TITLE

Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows

Trust: 0.8

sources: CERT/CC: VU#789121

DESCRIPTION

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. Versions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. The vulnerabilities are caused due to boundary errors in the "CheckForUpdates()" and "UpdateComponents()" methods within "WhlMgr.dll", which can be exploited to cause stack-based buffer overflows. Successful exploitation allows execution of arbitrary code. SOLUTION: Update to the latest version as provided in Microsoft Intelligent Application Gateway 3.7 SP2. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC. ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/789121 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-2238 // CERT/CC: VU#789121 // JVNDB: JVNDB-2009-004035 // BID: 34532 // VULHUB: VHN-25600 // PACKETSTORM: 76759

AFFECTED PRODUCTS

vendor:microsoftmodel:intelligent application gateway 2007scope:lteversion:3.7

Trust: 1.0

vendor:microsoftmodel:intelligent application gateway 2007scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:intelligent application gateway 2007scope:ltversion:3.7 sp2

Trust: 0.8

vendor:microsoftmodel:intelligent application gateway 2007scope:eqversion:3.7

Trust: 0.6

vendor:microsoftmodel:intelligent application gateway 2007scope:eqversion:sp1

Trust: 0.6

vendor:microsoftmodel:intelligent application gatewayscope:eqversion:20073.7

Trust: 0.3

vendor:microsoftmodel:intelligent application gateway sp2scope:neversion:20073.7

Trust: 0.3

sources: CERT/CC: VU#789121 // BID: 34532 // JVNDB: JVNDB-2009-004035 // CNNVD: CNNVD-200904-335 // NVD: CVE-2007-2238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2238
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#789121
value: 3.41

Trust: 0.8

NVD: CVE-2007-2238
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200904-335
value: CRITICAL

Trust: 0.6

VULHUB: VHN-25600
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2238
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25600
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#789121 // VULHUB: VHN-25600 // JVNDB: JVNDB-2009-004035 // CNNVD: CNNVD-200904-335 // NVD: CVE-2007-2238

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-25600 // JVNDB: JVNDB-2009-004035 // NVD: CVE-2007-2238

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-335

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200904-335

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004035

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-25600

PATCH
title:Internet Explorerurl:http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-004035

EXTERNAL IDS
db:CERT/CCid:VU#789121
Trust: 3.7
db:NVDid:CVE-2007-2238
Trust: 2.8
db:BIDid:34532
Trust: 2.0
db:SECUNIAid:34725
Trust: 1.9
db:VUPENid:ADV-2009-1061
Trust: 1.7
db:JVNDBid:JVNDB-2009-004035
Trust: 0.8
db:XFid:49888
Trust: 0.6
db:CNNVDid:CNNVD-200904-335
Trust: 0.6
db:PACKETSTORMid:82980
Trust: 0.1
db:SEEBUGid:SSVID-71122
Trust: 0.1
db:EXPLOIT-DBid:16608
Trust: 0.1
db:VULHUBid:VHN-25600
Trust: 0.1
db:PACKETSTORMid:76759
Trust: 0.1
sources:
            
            
            CERT/CC: VU#789121 // 
            
            
            
            VULHUB: VHN-25600 // 
            
            
            
            BID: 34532 // 
            
            
            
            JVNDB: JVNDB-2009-004035 // 
            
            
            
            PACKETSTORM: 76759 // 
            
            
            
            CNNVD: CNNVD-200904-335 // 
            
            
            
            NVD: CVE-2007-2238

REFERENCES
url:http://www.kb.cert.org/vuls/id/789121
Trust: 2.9
url:http://www.securityfocus.com/bid/34532
Trust: 1.7
url:http://secunia.com/advisories/34725
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/1061
Trust: 1.7
url:http://technet.microsoft.com/en-us/library/dd282918.aspx
Trust: 1.1
url:http://support.microsoft.com/kb/240797
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49888
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2238
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2238
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/49888
Trust: 0.6
url:http://www.microsoft.com/forefront/edgesecurity/iag/en/us/overview.aspx
Trust: 0.3
url:http://secunia.com/advisories/try_vi/request_2008_report/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/34725/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#789121 // 
            
            
            
            VULHUB: VHN-25600 // 
            
            
            
            BID: 34532 // 
            
            
            
            JVNDB: JVNDB-2009-004035 // 
            
            
            
            PACKETSTORM: 76759 // 
            
            
            
            CNNVD: CNNVD-200904-335 // 
            
            
            
            NVD: CVE-2007-2238

CREDITS
Will Dormann
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200904-335

SOURCES
db:CERT/CCid:VU#789121
db:VULHUBid:VHN-25600
db:BIDid:34532
db:JVNDBid:JVNDB-2009-004035
db:PACKETSTORMid:76759
db:CNNVDid:CNNVD-200904-335
db:NVDid:CVE-2007-2238

LAST UPDATE DATE
2025-04-10T23:21:29.272000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#789121date:2009-05-27T00:00:00
db:VULHUBid:VHN-25600date:2017-07-29T00:00:00
db:BIDid:34532date:2009-04-21T00:26:00
db:JVNDBid:JVNDB-2009-004035date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200904-335date:2009-04-28T00:00:00
db:NVDid:CVE-2007-2238date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CERT/CCid:VU#789121date:2009-04-15T00:00:00
db:VULHUBid:VHN-25600date:2009-04-16T00:00:00
db:BIDid:34532date:2009-04-15T00:00:00
db:JVNDBid:JVNDB-2009-004035date:2012-09-25T00:00:00
db:PACKETSTORMid:76759date:2009-04-16T16:12:33
db:CNNVDid:CNNVD-200904-335date:2009-04-16T00:00:00
db:NVDid:CVE-2007-2238date:2009-04-16T15:12:57.280