CVE-2007-2238

Microsoft Intelligent Application Gateway 2007 - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16608

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mswhale_checkforupdates.rb

View Code ZIP pw:eip

References (5)

[US Government Resource] http://www.kb.cert.org/vuls/id/789121

[Patch] http://www.securityfocus.com/bid/34532

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49888

[Third Party Advisory] http://secunia.com/advisories/34725

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1061

Scores

EPSS 0.7652

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (1)

microsoft/intelligent_application_gateway_2007

Published Apr 16, 2009

Tracked Since Feb 18, 2026