Added: 12/31/2007
CVE: CVE-2007-4474
BID: 26972
OSVDB: 40954
Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser.
A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the **dwa7w.dll** library allows command execution when a user loads a web page which calls the **InstallBrowserHelperDll** function with a long, specially crafted **General_ServerName** argument.
Apply a fix from the vendor when available, or set the kill bits for the following two Class IDs as described in Microsoft Knowledge Base article 240797:
<http://www.kb.cert.org/vuls/id/963889>
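The kill-bit workaround above, as an added PowerShell example (not part of the original advisory or of any vendor tooling): it ORs the kill-bit flag `0x400` into the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` registry key, the mechanism Knowledge Base article 240797 documents, and then reads the value back to confirm it. The CLSIDs in the script are placeholders, because this page does not list the two Class IDs.

```powershell
# Added example. The two CLSIDs are PLACEHOLDERS: this page does not list the
# Class IDs, so substitute the values given in the vendor / CERT advisory.
$ClassIds = @(
    '{00000000-0000-0000-0000-000000000001}',   # placeholder, not a real CLSID
    '{00000000-0000-0000-0000-000000000002}'    # placeholder, not a real CLSID
)
$KillBit   = 0x400                    # kill-bit flag: IE will not instantiate the control
$ValueName = 'Compatibility Flags'

# Run from an elevated 64-bit PowerShell. 32-bit Internet Explorer on 64-bit
# Windows reads the Wow6432Node view, so the flag is written to both views.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any flags already present and OR the kill bit in.
    $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.$ValueName } else { 0 }
    $new = $current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $ValueName -Value $new `
        -PropertyType DWord -Force | Out-Null
}

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    return [bool]($prop -and (($prop.$ValueName -band $KillBit) -eq $KillBit))
}

# Apply to every CLSID in every registry view, then report what is actually set.
foreach ($root in $Roots) {
    foreach ($clsid in $ClassIds) {
        Set-KillBit -Root $root -Clsid $clsid
        [pscustomobject]@{
            Key     = Join-Path $root $clsid
            KillBit = Test-KillBit -Root $root -Clsid $clsid
        }
    }
}
```

`Test-KillBit` can be run on its own during an audit to find hosts where the workaround was never applied or has been reverted.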
The exploit works on the Lotus Domino Web Access ActiveX control, which is part of Lotus Domino 7.0, and requires a user to load the exploit page in Internet Explorer.
Windows