Lucene search

K
saintSAINT CorporationSAINT:85DE6BFD406EB57D3FE7B39D4BE170B2
HistoryDec 31, 2007 - 12:00 a.m.

Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow

2007-12-3100:00:00
SAINT Corporation
my.saintcorporation.com
13

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

Added: 12/31/2007
CVE: CVE-2007-4474
BID: 26972
OSVDB: 40954

Background

Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser.

Problem

A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the **dwa7w.dll** library allows command execution when a user loads a web page which calls the **InstallBrowserHelperDll** function with a long, specially crafted **General_ServerName** argument.

Resolution

Apply a fix from the vendor when available, or set the kill bits for the following two Class IDs as described in Microsoft Knowledge Base article 240797:

  • {3BFFE033-BF43-11d5-A271-00A024A51325}
  • {E008A543-CEFB-4559-912F-C27C2B89F13B}

References

<http://www.kb.cert.org/vuls/id/963889&gt;

Limitations

Exploit works on the Lotus Domino Web Access ActiveX control which is part of Lotus Domino 7.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%