var-200904-0565
Vulnerability from variot
Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. Versions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008.
The vulnerabilities are caused due to boundary errors in the "CheckForUpdates()" and "UpdateComponents()" methods within "WhlMgr.dll", which can be exploited to cause stack-based buffer overflows.
Successful exploitation allows execution of arbitrary code.
SOLUTION: Update to the latest version as provided in Microsoft Intelligent Application Gateway 3.7 SP2.
PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC.
ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/789121
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent application gateway 2007",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "intelligent application gateway 2007",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "intelligent application gateway 2007",
"scope": "lt",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.7 sp2"
},
{
"model": "intelligent application gateway 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "3.7"
},
{
"model": "intelligent application gateway 2007",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp1"
},
{
"model": "intelligent application gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20073.7"
},
{
"model": "intelligent application gateway sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "20073.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "BID",
"id": "34532"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:intelligent_application_gateway_2007",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
}
],
"trust": 0.6
},
"cve": "CVE-2007-2238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-2238",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-25600",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-2238",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#789121",
"trust": 0.8,
"value": "3.41"
},
{
"author": "NVD",
"id": "CVE-2007-2238",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-335",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-25600",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods. Failed exploit attempts likely result in denial-of-service conditions. \nNOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway. \nVersions prior to IAG 2007 3.7 SP2 are vulnerable. The Whale client component used by IAG (provided by the WhlMgr.dll file) did not properly validate the input parameters passed to the CheckForUpdates() and UpdateComponents() methods. If the user is tricked into accessing a malicious web page and provides a super long input parameter to the above method, a stack overflow can be triggered, leading to the execution of arbitrary code. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nThe vulnerabilities are caused due to boundary errors in the\n\"CheckForUpdates()\" and \"UpdateComponents()\" methods within\n\"WhlMgr.dll\", which can be exploited to cause stack-based buffer\noverflows. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nSOLUTION:\nUpdate to the latest version as provided in Microsoft Intelligent\nApplication Gateway 3.7 SP2. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/789121\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2238"
},
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "BID",
"id": "34532"
},
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "PACKETSTORM",
"id": "76759"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-25600",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25600"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#789121",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2007-2238",
"trust": 2.8
},
{
"db": "BID",
"id": "34532",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "34725",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2009-1061",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035",
"trust": 0.8
},
{
"db": "XF",
"id": "49888",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "82980",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71122",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16608",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-25600",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76759",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "BID",
"id": "34532"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "PACKETSTORM",
"id": "76759"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"id": "VAR-200904-0565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-25600"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:10:14.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Internet Explorer",
"trust": 0.8,
"url": "http://windows.microsoft.com/en-US/internet-explorer/products/ie/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.kb.cert.org/vuls/id/789121"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/34532"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34725"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1061"
},
{
"trust": 1.1,
"url": "http://technet.microsoft.com/en-us/library/dd282918.aspx"
},
{
"trust": 1.1,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2238"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2238"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/49888"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/forefront/edgesecurity/iag/en/us/overview.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34725/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "BID",
"id": "34532"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "PACKETSTORM",
"id": "76759"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#789121"
},
{
"db": "VULHUB",
"id": "VHN-25600"
},
{
"db": "BID",
"id": "34532"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"db": "PACKETSTORM",
"id": "76759"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "CERT/CC",
"id": "VU#789121"
},
{
"date": "2009-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-25600"
},
{
"date": "2009-04-15T00:00:00",
"db": "BID",
"id": "34532"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"date": "2009-04-16T16:12:33",
"db": "PACKETSTORM",
"id": "76759"
},
{
"date": "2009-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"date": "2009-04-16T15:12:57.280000",
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-05-27T00:00:00",
"db": "CERT/CC",
"id": "VU#789121"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-25600"
},
{
"date": "2009-04-21T00:26:00",
"db": "BID",
"id": "34532"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004035"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-335"
},
{
"date": "2024-11-21T00:30:16.240000",
"db": "NVD",
"id": "CVE-2007-2238"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows",
"sources": [
{
"db": "CERT/CC",
"id": "VU#789121"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-335"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…