Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities

The Microsoft Intelligent Application Gateway (IAG) 2007 Client Components ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. The ActiveX control is identified by CLSID:

8D9563A9-8D5F-459B-87F2-BA842255CB9A

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway.

Versions prior to IAG 2007 3.7 SP2 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus