Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow

Published: 2007-12-31 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.971 (High), percentile 99.7%

Added: 12/31/2007
CVE: CVE-2007-4474
BID: 26972
OSVDB: 40954

Background

Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser.

Problem

A buffer overflow in the Lotus Domino Web Access ActiveX control, implemented in the **dwa7w.dll** library, allows command execution when a user loads a web page that calls the control's **InstallBrowserHelperDll** method with a long, specially crafted **General_ServerName** argument.

Resolution

Apply a fix from the vendor when available, or set the kill bit for the following two Class IDs as described in Microsoft Knowledge Base article 240797, which prevents Internet Explorer from instantiating the control:

  • {3BFFE033-BF43-11d5-A271-00A024A51325}
  • {E008A543-CEFB-4559-912F-C27C2B89F13B}
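The kill-bit mitigation above, as an added example that is not part of the SAINT advisory: a PowerShell script that sets the Internet Explorer kill bit for both Class IDs following the procedure in Microsoft KB 240797 (the 0x400 bit of the "Compatibility Flags" DWORD under the "ActiveX Compatibility" key), preserves any flags already present, also writes the Wow6432Node view on 64-bit Windows, reports whether the control is even registered on the host, and reads the value back to confirm. The registry paths and the 0x400 value come from KB 240797; the variable names and output format are illustrative.

```powershell
# Added example (not from the SAINT advisory): set the IE kill bit for the two
# Lotus Domino Web Access CLSIDs named in the Resolution, per Microsoft KB 240797.
# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$KillBit = 0x400
$Clsids = @(
    '{3BFFE033-BF43-11d5-A271-00A024A51325}',
    '{E008A543-CEFB-4559-912F-C27C2B89F13B}'
)

# On 64-bit Windows the 32-bit IE process reads the Wow6432Node view, so write both.
$BasePaths = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $BasePaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($clsid in $Clsids) {
    # Informational check: is the vulnerable control registered on this host at all?
    # The kill bit is set regardless, so a later install is blocked too.
    $inproc = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                               -ErrorAction SilentlyContinue
    if ($inproc) {
        Write-Host ("{0} is registered, served by {1}" -f $clsid, $inproc.'(default)')
    } else {
        Write-Host ("{0} is not registered on this host (kill bit set as a precaution)" -f $clsid)
    }

    foreach ($base in $BasePaths) {
        $key = Join-Path $base $clsid
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any compatibility flags already present; only OR in the kill bit.
        $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                                      -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = [int]$existing -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

        # Read the value back and confirm the kill bit is actually set.
        $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        if (($check -band $KillBit) -eq $KillBit) {
            Write-Host ("Kill bit set: {0} (Compatibility Flags = 0x{1:X})" -f $key, $check)
        } else {
            Write-Warning ("Kill bit NOT set: {0} (Compatibility Flags = 0x{1:X})" -f $key, $check)
        }
    }
}
```

The kill bit takes effect for new Internet Explorer processes; existing browser windows should be closed. Because the script ORs rather than overwrites, it is safe to re-run and will not clear other compatibility flags a vendor or administrator has already set on the same CLSID.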

References

<http://www.kb.cert.org/vuls/id/963889>

Limitations

The exploit works against the Lotus Domino Web Access ActiveX control shipped with Lotus Domino 7.0, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows