How severe is CVE-2007-4474?

The severity of CVE-2007-4474 has not been assessed with CVSS v3.

CVE-2007-4474: Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attacker | Zerodai Security

Name: domino_web_access
Author: ibm

Description

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

AI AnalysisPowered by AI

Affected Products

ibmdomino_web_access

6.0

ibmdomino_web_access

6.0.1

ibmdomino_web_access

6.0.1.1

ibmdomino_web_access

6.0.2

ibmdomino_web_access

6.0.3

ibmdomino_web_access

6.0.4

ibmdomino_web_access

6.0.5

ibmdomino_web_access

6.5

ibmdomino_web_access

6.5.1

ibmdomino_web_access

6.5.2

ibmdomino_web_access

6.5.3

ibmdomino_web_access

6.5.4

ibmdomino_web_access

6.5.5

ibmdomino_web_access

7.0

ibmdomino_web_access

7.0.1

ibmlotus_domino_web_access

7.0.1

ibmlotus_domino_web_access

7.0.34.1

Description

AI AnalysisPowered by AI

Affected Products

Available Exploits (4)

IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow

IBM Domino Web Access Upload Module - 'dwa7w.dll' Remote Buffer Overflow

IBM Domino Web Access Upload Module - Overwrite (SEH)

IBM Lotus Domino Web Access Upload Module - Remote Buffer Overflow (Metasploit)

References