CVE Vulnerability

CVE-2007-4474

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html Exploit
http://www.kb.cert.org/vuls/id/963889 US Government Resource
http://www.securityfocus.com/bid/26972 Exploit
http://secunia.com/advisories/28184 Vendor Advisory
http://www.securitytracker.com/id?1019138
http://osvdb.org/40954
http://www.vupen.com/english/advisories/2007/4296
https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
https://www.exploit-db.com/exploits/5111
https://www.exploit-db.com/exploits/4820
https://www.exploit-db.com/exploits/4818
Configurations

Configuration 1

cpe:2.3:a:ibm:domino_web_access:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_access:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino_web_access:7.0.34.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:domino_web_access:6.5.3:*:*:*:*:*:*:*
Information

Published : 2007-12-27 10:46

Updated : 2017-09-29 01:29

NVD link : CVE-2007-4474

Mitre link : CVE-2007-4474

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer