SAINT CorporationSAINT:85DE6BFD406EB57D3FE7B39D4BE170B2Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Added: 12/31/2007
CVE: CVE-2007-4474
BID: 26972
OSVDB: 40954
Background
Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser.
Problem
A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the **dwa7w.dll** library allows command execution when a user loads a web page which calls the **InstallBrowserHelperDll** function with a long, specially crafted **General_ServerName** argument.
Resolution
Apply a fix from the vendor when available, or set the kill bits for the following two Class IDs as described in Microsoft Knowledge Base article 240797:
- {3BFFE033-BF43-11d5-A271-00A024A51325}
- {E008A543-CEFB-4559-912F-C27C2B89F13B}
References
<http://www.kb.cert.org/vuls/id/963889>
Limitations
Exploit works on the Lotus Domino Web Access ActiveX control which is part of Lotus Domino 7.0 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%