CVE-2007-4474

Severity: High

Description

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

References

https://www.exploit-db.com/exploits/5111

https://www.exploit-db.com/exploits/4820

https://www.exploit-db.com/exploits/4818

https://exchange.xforce.ibmcloud.com/vulnerabilities/39175

http://www.vupen.com/english/advisories/2007/4296

http://www.securitytracker.com/id?1019138

http://www.kb.cert.org/vuls/id/963889

http://secunia.com/advisories/28184

http://osvdb.org/40954

Details

Source: Mitre, NVD

Published: 2007-12-27

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High