9.3

CVE-2007-4474

Exploit
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDomino Web Access Version6.0
IbmDomino Web Access Version6.0.1
IbmDomino Web Access Version6.0.1.1
IbmDomino Web Access Version6.0.2
IbmDomino Web Access Version6.0.3
IbmDomino Web Access Version6.0.4
IbmDomino Web Access Version6.0.5
IbmDomino Web Access Version6.5
IbmDomino Web Access Version6.5.1
IbmDomino Web Access Version6.5.2
IbmDomino Web Access Version6.5.3
IbmDomino Web Access Version6.5.4
IbmDomino Web Access Version6.5.5
IbmDomino Web Access Version7.0
IbmDomino Web Access Version7.0.1
IbmLotus Domino Web Access Version7.0.1
IbmLotus Domino Web Access Version7.0.34.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.18% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.html
Exploit
http://osvdb.org/40954
http://secunia.com/advisories/28184
Vendor Advisory
http://www.kb.cert.org/vuls/id/963889
US Government Resource
http://www.securityfocus.com/bid/26972
Exploit
http://www.securitytracker.com/id?1019138
http://www.vupen.com/english/advisories/2007/4296
https://exchange.xforce.ibmcloud.com/vulnerabilities/39175
https://www.exploit-db.com/exploits/4818
https://www.exploit-db.com/exploits/4820
https://www.exploit-db.com/exploits/5111