cvelistv5 - cve-2007-2238

CVE-2007-2238 (GCVE-0-2007-2238)

Vulnerability from cvelistv5 – Published: 2009-04-16 15:00 – Updated: 2024-08-07 13:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.kb.cert.org/vuls/id/789121	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2009/1061	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/34725	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34532	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#789121",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/789121"
          },
          {
            "name": "ADV-2009-1061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1061"
          },
          {
            "name": "34725",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34725"
          },
          {
            "name": "34532",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34532"
          },
          {
            "name": "iag-activex-bo(49888)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#789121",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/789121"
        },
        {
          "name": "ADV-2009-1061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1061"
        },
        {
          "name": "34725",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34725"
        },
        {
          "name": "34532",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34532"
        },
        {
          "name": "iag-activex-bo(49888)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#789121",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/789121"
            },
            {
              "name": "ADV-2009-1061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1061"
            },
            {
              "name": "34725",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34725"
            },
            {
              "name": "34532",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34532"
            },
            {
              "name": "iag-activex-bo(49888)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-2238",
    "datePublished": "2009-04-16T15:00:00",
    "dateReserved": "2007-04-25T00:00:00",
    "dateUpdated": "2024-08-07T13:33:27.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EADE9F62-25C2-42D3-AD6B-F42D5532C708\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.7\", \"matchCriteriaId\": \"F6E439F6-4014-4019-A5B1-567B6D9C51B4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante argumentos grandes a los m\\u00e9todos (1) CheckForUpdates o (2) UpdateComponents.\"}]",
      "id": "CVE-2007-2238",
      "lastModified": "2024-11-21T00:30:16.240",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-04-16T15:12:57.280",
      "references": "[{\"url\": \"http://secunia.com/advisories/34725\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/789121\", \"source\": \"cret@cert.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/34532\", \"source\": \"cret@cert.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1061\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://secunia.com/advisories/34725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/789121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/34532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2238\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2009-04-16T15:12:57.280\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos grandes a los m\u00e9todos (1) CheckForUpdates o (2) UpdateComponents.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADE9F62-25C2-42D3-AD6B-F42D5532C708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.7\",\"matchCriteriaId\":\"F6E439F6-4014-4019-A5B1-567B6D9C51B4\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/34725\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/789121\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/34532\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1061\",\"source\":\"cret@cert.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/34725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/789121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/34532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2007-2238

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2238

Aliases

CVE-2007-2238

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2238",
    "description": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
    "id": "GSD-2007-2238",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-2238"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2238"
      ],
      "details": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
      "id": "GSD-2007-2238",
      "modified": "2023-12-13T01:21:37.787181Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2007-2238",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#789121",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/789121"
          },
          {
            "name": "ADV-2009-1061",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1061"
          },
          {
            "name": "34725",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34725"
          },
          {
            "name": "34532",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34532"
          },
          {
            "name": "iag-activex-bo(49888)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2238"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34532",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/34532"
            },
            {
              "name": "VU#789121",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/789121"
            },
            {
              "name": "34725",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34725"
            },
            {
              "name": "ADV-2009-1061",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1061"
            },
            {
              "name": "iag-activex-bo(49888)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2009-04-16T15:12Z"
    }
  }
}

VAR-200904-0565

Vulnerability from variot - Updated: 2023-12-18 14:02

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. Versions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

The vulnerabilities are caused due to boundary errors in the "CheckForUpdates()" and "UpdateComponents()" methods within "WhlMgr.dll", which can be exploited to cause stack-based buffer overflows.

Successful exploitation allows execution of arbitrary code.

SOLUTION: Update to the latest version as provided in Microsoft Intelligent Application Gateway 3.7 SP2.

PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC.

ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/789121

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0565",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intelligent application gateway 2007",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.7"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.7 sp2"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.7"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp1"
      },
      {
        "model": "intelligent application gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20073.7"
      },
      {
        "model": "intelligent application gateway sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20073.7"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Will Dormann",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2238",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-2238",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25600",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2238",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#789121",
            "trust": 0.8,
            "value": "3.41"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-335",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25600",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. \nNOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. \nVersions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nThe vulnerabilities are caused due to boundary errors in the\n\"CheckForUpdates()\" and \"UpdateComponents()\" methods within\n\"WhlMgr.dll\", which can be exploited to cause stack-based buffer\noverflows. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nSOLUTION:\nUpdate to the latest version as provided in Microsoft Intelligent\nApplication Gateway 3.7 SP2. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/789121\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-25600",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#789121",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "34532",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "34725",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1061",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "49888",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82980",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71122",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16608",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "id": "VAR-200904-0565",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:02:22.547000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Internet Explorer",
        "trust": 0.8,
        "url": "http://windows.microsoft.com/en-us/internet-explorer/products/ie/home"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.kb.cert.org/vuls/id/789121"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/34532"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34725"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/1061"
      },
      {
        "trust": 1.1,
        "url": "http://technet.microsoft.com/en-us/library/dd282918.aspx"
      },
      {
        "trust": 1.1,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2238"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2238"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/49888"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/forefront/edgesecurity/iag/en/us/overview.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34725/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "date": "2009-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "BID",
        "id": "34532"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "date": "2009-04-16T16:12:33",
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "date": "2009-04-16T15:12:57.280000",
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "date": "2009-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-05-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "date": "2009-04-21T00:26:00",
        "db": "BID",
        "id": "34532"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "date": "2017-07-29T01:31:19.190000",
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2007-2238

Vulnerability from fkie_nvd - Published: 2009-04-16 15:12 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://secunia.com/advisories/34725
cret@cert.org	http://www.kb.cert.org/vuls/id/789121	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/34532	Patch
cret@cert.org	http://www.vupen.com/english/advisories/2009/1061
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34725
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/789121	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34532	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1061
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

Impacted products

	Vendor	Product	Version
	microsoft	intelligent_application_gateway_2007	*
	microsoft	intelligent_application_gateway_2007	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EADE9F62-25C2-42D3-AD6B-F42D5532C708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F6E439F6-4014-4019-A5B1-567B6D9C51B4",
              "versionEndIncluding": "3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos grandes a los m\u00e9todos (1) CheckForUpdates o (2) UpdateComponents."
    }
  ],
  "id": "CVE-2007-2238",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-16T15:12:57.280",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HRJQ-V9HF-9F57

Vulnerability from github – Published: 2022-05-01 18:01 – Updated: 2022-05-01 18:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-16T15:12:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
  "id": "GHSA-hrjq-v9hf-9f57",
  "modified": "2022-05-01T18:01:33Z",
  "published": "2022-05-01T18:01:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2238"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2238 (GCVE-0-2007-2238)

GSD-2007-2238

VAR-200904-0565

FKIE_CVE-2007-2238

GHSA-HRJQ-V9HF-9F57

Tags

Sightings

Nomenclature