PT-2007-5652 · IBM · IBM Lotus Domino

E.B · Published 2007-12-27 · Updated 2017-09-29 · CVE-2007-4474

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: IBM Lotus Domino versions 6.x through 7.x

Description: Multiple stack-based buffer overflows exist in the IBM Lotus Domino Web Access ActiveX control, and remote attackers can exploit them to execute arbitrary code. The overflow can be triggered by an overly long General ServerName property value when the InstallBrowserHelperDll function of the Upload Module is called.

Recommendations: For versions 6.x through 7.x, consider disabling the InstallBrowserHelperDll function in the Upload Module as a temporary workaround until a patch is available. Restrict access to the ActiveX controls provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll to minimize the risk of exploitation. Avoid using long values for the General ServerName property of the affected control until the issue is resolved.
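The defect class described above, as an added illustration that is not the affected control's code: a hypothetical property setter that copies a ServerName value into a fixed-size stack buffer with no length check, beside a bounded version that refuses over-long values before copying. The buffer size and function names are assumptions for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size buffer, modelled on the advisory's description of a
 * stack-based overflow from a long General ServerName value. The size is an
 * assumption for illustration, not a value taken from the affected control. */
#define SERVERNAME_MAX 64

/* Unsafe pattern: the caller-supplied string is copied without a length check,
 * so a value longer than the buffer overwrites the stack frame.
 * Shown for contrast only; it is never called below. */
void set_server_name_unsafe(const char *value)
{
    char server_name[SERVERNAME_MAX];
    strcpy(server_name, value);              /* no bound: overflow on long input */
    printf("server name set to %s\n", server_name);
}

/* Hardened pattern: measure the input with a bounded length function, reject
 * anything that does not fit together with its terminating NUL, and only then
 * copy. Returns 0 on success and -1 when the value was rejected. */
int set_server_name_bounded(const char *value, char *out, size_t out_size)
{
    if (value == NULL || out == NULL || out_size == 0)
        return -1;
    size_t len = strnlen(value, out_size);   /* never reads past out_size bytes */
    if (len >= out_size)                     /* too long: reject, do not truncate */
        return -1;
    memcpy(out, value, len + 1);             /* copies the NUL terminator too */
    return 0;
}

int main(void)
{
    char server_name[SERVERNAME_MAX];
    /* Constructed inputs: a normal host name and an over-long value of 'A's. */
    char long_value[SERVERNAME_MAX * 4];
    memset(long_value, 'A', sizeof long_value - 1);
    long_value[sizeof long_value - 1] = '\0';

    printf("short value: %d\n",
           set_server_name_bounded("mail.example.com", server_name, sizeof server_name));
    printf("long value:  %d\n",
           set_server_name_bounded(long_value, server_name, sizeof server_name));
    return 0;
}
```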

Tags: Exploit · Fix · Buffer Overflow


Weakness Enumeration

Related Identifiers: CVE-2007-4474

Affected Products: IBM Lotus Domino