CVE-2007-4474
50Vexday Risk Score
Corrija em breve. Ela tem exploit funcional público.
ssvc Attendepss 44%
da publicação à arma998 dias
Publicada no NVD27 de dez.
1ª PoC+998d
metasploit20 de dez.
probabilidade de exploração
44%top 1% das CVEs
exploração observada
nãonenhuma fonte reporta
4 exploit(s) público(s)
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 4
cve_referencewww.exploit-db.com/exploits/4818não verificadocve_referencewww.exploit-db.com/exploits/4820não verificadocve_referencewww.exploit-db.com/exploits/5111não verificadoexploitdbwww.exploit-db.com/exploits/16502não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Referências
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059233.htmlhttp://osvdb.org/40954http://secunia.com/advisories/28184https://exchange.xforce.ibmcloud.com/vulnerabilities/39175https://www.exploit-db.com/exploits/4818https://www.exploit-db.com/exploits/4820https://www.exploit-db.com/exploits/5111http://www.kb.cert.org/vuls/id/963889http://www.securityfocus.com/bid/26972http://www.securitytracker.com/id?1019138http://www.vupen.com/english/advisories/2007/4296