CVE-2007-2238

critical

Description

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

http://www.vupen.com/english/advisories/2009/1061

http://www.securityfocus.com/bid/34532

http://www.kb.cert.org/vuls/id/789121

http://secunia.com/advisories/34725

Details

Source: Mitre, NVD

Published: 2009-04-16

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical