CVE-2007-4474

Currently unrated

Key Information:

Vendor: IBM
Status: Domino Web Access; Lotus Domino Web Access
Vendor: CVE Published:; 27 December 2007

Summary

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

References

http://www.securitytracker.com/id?1019138

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/5111

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/26972

vdb-entryx_refsource_BID

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 27, 2007
Vulnerability Reserved
Aug 22, 2007