Stack-Based Buffer Overflow in IBM Lotus Domino Web Access
CVE-2007-4474
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 27 December 2007
Summary
The ActiveX control components of IBM Lotus Domino Web Access contain multiple stack-based buffer overflows, notably in the inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll files. An attacker can use specially crafted input to execute arbitrary code, for example a long General_ServerName property value supplied when the InstallBrowserHelperDll function in the Upload Module is called. Because the flaw allows remote execution of malicious payloads, it compromises the integrity of affected systems and poses a significant risk to users.
EPSS Score
87% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved