Skip to main content

Micosoft Whale IAG ActiveX Remote Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Apr 2009 5335 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Microsoft Whale Communications Intelligent Application Gateway (IAG) 2007, which could be exploited by remote attackers to comrpromise an affected system. These issues are caused by buffer overflow errors in the "WhlMgr.dll" ActiveX control when processing a specially crafted arguments passed to the "CheckForUpdates()" or "UpdateComponents()" method, which could be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Whale Communications Intelligent Application Gateway (IAG) 2007 versions prior to 3.7

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Microsoft Whale Communications Intelligent Application Gateway (IAG) 2007 version 3.7 SP2 :
http://technet.microsoft.com/en-us/library/dd282918.aspx


Vulnerability Identifier


Source


Related Link