Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2007-4474
Last Modified: 07 Mar 2011 09:58:38
Published: 27 Dec 2007 05:46:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4474

Summary

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

Vulnerable Systems

Application

  • IBM Domino Web Access 6.0
  • IBM Domino Web Access 6.0.1
  • IBM Domino Web Access 6.0.1.1
  • IBM Domino Web Access 6.0.2
  • IBM Domino Web Access 6.0.3
  • IBM Domino Web Access 6.0.4
  • IBM Domino Web Access 6.0.5
  • IBM Domino Web Access 6.5
  • IBM Domino Web Access 6.5.1
  • IBM Domino Web Access 6.5.2
  • IBM Domino Web Access 6.5.3
  • IBM Domino Web Access 6.5.4
  • IBM Domino Web Access 6.5.5
  • IBM Domino Web Access 7.0
  • IBM Domino Web Access 7.0.1
  • IBM Lotus Domino Web Access 7.0.1
  • IBM Lotus Domino Web Access 7.0.34.1


References

CERT-VN - VU#963889

XF - domino-dwa7w-bo(39175)

VUPEN - ADV-2007-4296

BID - 26972

MILW0RM - 4818

SECUNIA - 28184

OSVDB - 40954

FULLDISC - 20071220 IBM Domino Web Access Upload Control dwa7w.dll Memory Corruption

SECTRACK - 1019138

MILW0RM - 5111

MILW0RM - 4820


Last Updated: 27 May 2016 10:45:52