cvelistv5 - cve-2007-2238

CVE-2007-2238 (GCVE-0-2007-2238)

Vulnerability from cvelistv5

Published

2009-04-16 15:00

Modified

2024-08-07 13:33

Severity ?

CWE

Summary

References

URL

Tags

cret@cert.org	http://secunia.com/advisories/34725
cret@cert.org	http://www.kb.cert.org/vuls/id/789121	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/34532	Patch
cret@cert.org	http://www.vupen.com/english/advisories/2009/1061
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34725
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/789121	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34532	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1061
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#789121",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/789121"
          },
          {
            "name": "ADV-2009-1061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1061"
          },
          {
            "name": "34725",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34725"
          },
          {
            "name": "34532",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34532"
          },
          {
            "name": "iag-activex-bo(49888)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#789121",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/789121"
        },
        {
          "name": "ADV-2009-1061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1061"
        },
        {
          "name": "34725",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34725"
        },
        {
          "name": "34532",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34532"
        },
        {
          "name": "iag-activex-bo(49888)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#789121",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/789121"
            },
            {
              "name": "ADV-2009-1061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1061"
            },
            {
              "name": "34725",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34725"
            },
            {
              "name": "34532",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34532"
            },
            {
              "name": "iag-activex-bo(49888)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-2238",
    "datePublished": "2009-04-16T15:00:00",
    "dateReserved": "2007-04-25T00:00:00",
    "dateUpdated": "2024-08-07T13:33:27.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2238\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2009-04-16T15:12:57.280\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos grandes a los m\u00e9todos (1) CheckForUpdates o (2) UpdateComponents.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADE9F62-25C2-42D3-AD6B-F42D5532C708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.7\",\"matchCriteriaId\":\"F6E439F6-4014-4019-A5B1-567B6D9C51B4\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/34725\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/789121\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/34532\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1061\",\"source\":\"cret@cert.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/34725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/789121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/34532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2007-2238

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2238

Aliases

CVE-2007-2238

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2238",
    "description": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
    "id": "GSD-2007-2238",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-2238"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2238"
      ],
      "details": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
      "id": "GSD-2007-2238",
      "modified": "2023-12-13T01:21:37.787181Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2007-2238",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#789121",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/789121"
          },
          {
            "name": "ADV-2009-1061",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1061"
          },
          {
            "name": "34725",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34725"
          },
          {
            "name": "34532",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34532"
          },
          {
            "name": "iag-activex-bo(49888)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2238"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34532",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/34532"
            },
            {
              "name": "VU#789121",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/789121"
            },
            {
              "name": "34725",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34725"
            },
            {
              "name": "ADV-2009-1061",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1061"
            },
            {
              "name": "iag-activex-bo(49888)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2009-04-16T15:12Z"
    }
  }
}

ghsa-hrjq-v9hf-9f57

Vulnerability from github

Published

2022-05-01 18:01

Modified

2022-05-01 18:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-16T15:12:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",
  "id": "GHSA-hrjq-v9hf-9f57",
  "modified": "2022-05-01T18:01:33Z",
  "published": "2022-05-01T18:01:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2238"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2007-2238

Vulnerability from fkie_nvd

Published

2009-04-16 15:12

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://secunia.com/advisories/34725
cret@cert.org	http://www.kb.cert.org/vuls/id/789121	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/34532	Patch
cret@cert.org	http://www.vupen.com/english/advisories/2009/1061
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34725
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/789121	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34532	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1061
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

Impacted products

	Vendor	Product	Version
	microsoft	intelligent_application_gateway_2007	*
	microsoft	intelligent_application_gateway_2007	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EADE9F62-25C2-42D3-AD6B-F42D5532C708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:intelligent_application_gateway_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F6E439F6-4014-4019-A5B1-567B6D9C51B4",
              "versionEndIncluding": "3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX Whale Client Components, como es usado en Microsoft Intelligent Application Gateway (IAG), antes de v3.7 SP2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos grandes a los m\u00e9todos (1) CheckForUpdates o (2) UpdateComponents."
    }
  ],
  "id": "CVE-2007-2238",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-16T15:12:57.280",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/789121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. Versions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

The vulnerabilities are caused due to boundary errors in the "CheckForUpdates()" and "UpdateComponents()" methods within "WhlMgr.dll", which can be exploited to cause stack-based buffer overflows.

Successful exploitation allows execution of arbitrary code.

SOLUTION: Update to the latest version as provided in Microsoft Intelligent Application Gateway 3.7 SP2.

PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC.

ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/789121

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0565",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "*"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.7 sp2"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.7"
      },
      {
        "model": "intelligent application gateway 2007",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp1"
      },
      {
        "model": "intelligent application gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20073.7"
      },
      {
        "model": "intelligent application gateway sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20073.7"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:intelligent_application_gateway_2007",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Will Dormann",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2238",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-2238",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25600",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-2238",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#789121",
            "trust": 0.8,
            "value": "3.41"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-2238",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-335",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25600",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. \nNOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. \nVersions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nThe vulnerabilities are caused due to boundary errors in the\n\"CheckForUpdates()\" and \"UpdateComponents()\" methods within\n\"WhlMgr.dll\", which can be exploited to cause stack-based buffer\noverflows. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nSOLUTION:\nUpdate to the latest version as provided in Microsoft Intelligent\nApplication Gateway 3.7 SP2. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/789121\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      },
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-25600",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#789121",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "34532",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "34725",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1061",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "49888",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82980",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71122",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16608",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "id": "VAR-200904-0565",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:10:14.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Internet Explorer",
        "trust": 0.8,
        "url": "http://windows.microsoft.com/en-US/internet-explorer/products/ie/home"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.kb.cert.org/vuls/id/789121"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/34532"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34725"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/1061"
      },
      {
        "trust": 1.1,
        "url": "http://technet.microsoft.com/en-us/library/dd282918.aspx"
      },
      {
        "trust": 1.1,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2238"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2238"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/49888"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/forefront/edgesecurity/iag/en/us/overview.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34725/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "db": "BID",
        "id": "34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "date": "2009-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "BID",
        "id": "34532"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "date": "2009-04-16T16:12:33",
        "db": "PACKETSTORM",
        "id": "76759"
      },
      {
        "date": "2009-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "date": "2009-04-16T15:12:57.280000",
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-05-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#789121"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25600"
      },
      {
        "date": "2009-04-21T00:26:00",
        "db": "BID",
        "id": "34532"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004035"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      },
      {
        "date": "2024-11-21T00:30:16.240000",
        "db": "NVD",
        "id": "CVE-2007-2238"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#789121"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-335"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2238 (GCVE-0-2007-2238)

Vulnerability from cvelistv5

gsd-2007-2238

Vulnerability from gsd

ghsa-hrjq-v9hf-9f57

Vulnerability from github

fkie_cve-2007-2238

Vulnerability from fkie_nvd

var-200904-0565

Vulnerability from variot

Tags

Sightings

Nomenclature