Microsoft Whale Client Components ActiveX (WhlMgr.dll) Multiple Method Overflows
High Nessus Plugin ID 38734
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple buffer overflows.
DescriptionThe version of the Whale Client Components ActiveX control, a component of Microsoft Whale Intelligent Application Gateway product and installed on the remote Windows host, reportedly contains multiple stack-based buffer overflows that can be triggered using long arguments to the 'CheckForUpdates' and 'UpdateComponents' methods. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage these issues to execute arbitrary code on the affected system subject to the user's privileges.
SolutionUpgrade to Microsoft Intelligent Application Gateway 3.7 SP2 or later.