Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2007-4474 | First vendor Publication | 2007-12-27 |
Vendor | Cve | Last vendor Modification | 2017-09-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4474 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow | More info here |
ExploitDB Exploits
Date | Description |
---|---|
2008-02-13 | IBM Domino Web Access Upload Module - SEH Overwrite Exploit |
2007-12-30 | IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit |
2007-12-30 | IBM Domino Web Access Upload Module inotes6.dll BoF Exploit |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40954 | IBM Lotus Domino Web Access Upload Module (dwa7w.dll) Multiple ActiveX Genera... A boundary condition exists in the General_ServerName property: passing an overly long string and then calling InstallBrowserHelperDll() copies the data into a fixed-length buffer, thereby overwriting the SEH. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | IBM Lotus Domino Web Access 7 ActiveX exploit attempt RuleID : 17466 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | IBM Lotus Domino Web Access ActiveX exploit attempt RuleID : 16671 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | IBM Lotus Domino Web Access 7 ActiveX function call unicode access RuleID : 13265 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | IBM Lotus Domino Web Access 7 ActiveX function call access RuleID : 13264 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | IBM Lotus Domino Web Access 7 ActiveX clsid unicode access RuleID : 13263 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | IBM Lotus Domino Web Access 7 ActiveX clsid access RuleID : 13262 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | IBM Lotus Domino Web Access 6 ActiveX function call unicode access RuleID : 13261 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | IBM Lotus Domino Web Access 6 ActiveX function call access RuleID : 13260 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | IBM Lotus Domino Web Access 6 ActiveX clsid unicode access RuleID : 13259 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | IBM Lotus Domino Web Access 6 ActiveX clsid access RuleID : 13258 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-26 | Name : The remote Windows host has an ActiveX control that is affected by multiple b... File : domino_web_access_overflows.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Information |
---|---|
2021-05-04 12:06:17 | |
2021-04-22 01:06:50 | |
2020-05-23 13:16:49 | |
2020-05-23 00:20:19 | |
2017-09-29 09:23:11 | |
2017-07-29 12:02:28 | |
2016-06-28 16:51:08 | |
2016-04-26 16:31:01 | |
2014-02-17 10:41:24 | |
2014-01-19 21:24:23 | |
2013-05-11 10:34:21 | |