CVE-2007-4474

CVSS V2 High 9.3 CVSS V3 None

Description

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

Overview

CVE ID
CVE-2007-4474

Assigner
cret@cert.org

Vulnerability Status
Modified

Published Version
2007-12-27T22:46:00

Last Modified Date
2017-09-29T01:29:17

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ibm:domino_web_access:6.0:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.1:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.1.1:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.2:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.3:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.4:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.0.5:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5.1:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5.2:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5.3:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5.4:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:6.5.5:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:7.0:::::::*	1	OR
cpe:2.3:a:ibm:domino_web_access:7.0.1:::::::*	1	OR
cpe:2.3:a:ibm:lotus_domino_web_access:7.0.1:::::::*	1	OR
cpe:2.3:a:ibm:lotus_domino_web_access:7.0.34.1:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
9.3

Severity
HIGH

Exploitability Score
8.6

Impact Score
10

References

Reference URL	Reference Tags
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html	Exploit
http://www.kb.cert.org/vuls/id/963889	US Government Resource
http://www.securityfocus.com/bid/26972	Exploit
http://secunia.com/advisories/28184	Vendor Advisory
http://www.securitytracker.com/id?1019138
http://osvdb.org/40954
http://www.vupen.com/english/advisories/2007/4296
https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
https://www.exploit-db.com/exploits/5111
https://www.exploit-db.com/exploits/4820
https://www.exploit-db.com/exploits/4818

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2007-4474
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4474

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 08:27:50				Added to TrackCVE