EDB-4818
remotewindowsVERIFIED
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow
CVE-2007-4474
Elazar12/30/2007
CVE-2007-4474
NONEMultiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attacker
게시됨: 12/27/2007업데이트됨: 4/9/2025
설명
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
AI 분석AI 기반
영향받는 제품
ibmdomino_web_access
6.0
ibmdomino_web_access
6.0.1
ibmdomino_web_access
6.0.1.1
ibmdomino_web_access
6.0.2
ibmdomino_web_access
6.0.3
ibmdomino_web_access
6.0.4
ibmdomino_web_access
6.0.5
ibmdomino_web_access
6.5
ibmdomino_web_access
6.5.1
ibmdomino_web_access
6.5.2
ibmdomino_web_access
6.5.3
ibmdomino_web_access
6.5.4
ibmdomino_web_access
6.5.5
ibmdomino_web_access
7.0
ibmdomino_web_access
7.0.1
ibmlotus_domino_web_access
7.0.1
ibmlotus_domino_web_access
7.0.34.1
사용 가능한 익스플로잇 (4)
EDB-4820
remotewindowsVERIFIED
IBM Domino Web Access Upload Module - 'dwa7w.dll' Remote Buffer Overflow
CVE-2007-4474
Elazar12/30/2007
EDB-5111
remotewindowsVERIFIED
IBM Domino Web Access Upload Module - Overwrite (SEH)
CVE-2007-4474
Elazar2/13/2008
EDB-16502
remotewindowsVERIFIED
IBM Lotus Domino Web Access Upload Module - Remote Buffer Overflow (Metasploit)
CVE-2007-4474
Metasploit9/20/2010
참조
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.htmlExploit
- http://osvdb.org/40954
- http://secunia.com/advisories/28184Vendor Advisory
- http://www.kb.cert.org/vuls/id/963889US Government Resource
- http://www.securityfocus.com/bid/26972Exploit
- http://www.securitytracker.com/id?1019138
- http://www.vupen.com/english/advisories/2007/4296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
- https://www.exploit-db.com/exploits/4818
- https://www.exploit-db.com/exploits/4820
- https://www.exploit-db.com/exploits/5111
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.htmlExploit
- http://osvdb.org/40954
- http://secunia.com/advisories/28184Vendor Advisory
- http://www.kb.cert.org/vuls/id/963889US Government Resource
- http://www.securityfocus.com/bid/26972Exploit
- http://www.securitytracker.com/id?1019138
- http://www.vupen.com/english/advisories/2007/4296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
- https://www.exploit-db.com/exploits/4818