Vulnerability Details : CVE-2007-4474
Public exploit exists!
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-4474
- cpe:2.3:a:ibm:lotus_domino_web_access:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino_web_access:7.0.34.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4474
87.47%: Probability of exploitation activity in the next 30 days
~99%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-4474
- IBM Lotus Domino Web Access Upload Module Buffer Overflow
  Disclosure Date: 2007-12-20
  First seen: 2020-04-26
  exploit/windows/browser/ibmlotusdomino_dwa_uploadmodule
  This module exploits a stack buffer overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary co
CVSS scores for CVE-2007-4474
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-4474
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4474
- http://www.securityfocus.com/bid/26972
  IBM Lotus Domino Web Access ActiveX Control Memory Corruption Vulnerabilities
  Exploit
- https://www.exploit-db.com/exploits/4820
  IBM Domino Web Access Upload Module - 'dwa7w.dll' Remote Buffer Overflow - Windows remote Exploit
- http://www.vupen.com/english/advisories/2007/4296
- https://www.exploit-db.com/exploits/4818
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
- http://www.securitytracker.com/id?1019138
- http://www.kb.cert.org/vuls/id/963889
  US Government Resource
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html
  Exploit
- https://www.exploit-db.com/exploits/5111