CVE-2007-2238

Name of the Vulnerable Software and Affected Versions Microsoft Intelligent Application Gateway versions prior to 3.7 SP2

Description The issue is related to multiple stack-based buffer overflows in the Whale Client Components ActiveX control. This can be exploited by remote attackers to execute arbitrary code via long arguments to the CheckForUpdates or UpdateComponents methods.

Recommendations For versions prior to 3.7 SP2, update to version 3.7 SP2 or later to resolve the issue. As a temporary workaround, consider disabling the CheckForUpdates and UpdateComponents methods until a patch is available. Restrict access to the Whale Client Components ActiveX control to minimize the risk of exploitation.