1. Home
  2. CVE Database
  3. CVE-2007-4474
HIGH · 9.3

CVE-2007-4474

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attacker...

Vulnerability Description

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
IbmDomino Web Access6.0
IbmLotus Domino Web Access7.0.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-4474?

CVE-2007-4474 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attacker...

How severe is CVE-2007-4474?

CVE-2007-4474 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4474?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Domino Web Access, Ibm Lotus Domino Web Access.