Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Ibm
  • Lotus Domino

Configuration 1 [-]

OR cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
References
Link Resource
http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/
http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf Exploit
http://secunia.com/advisories/41433 Vendor Advisory
http://securitytracker.com/id?1024448
http://www-01.ibm.com/support/docview.wss?uid=swg21446515 Vendor Advisory
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument Vendor Advisory
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument Vendor Advisory
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument Vendor Advisory
http://www.exploit-db.com/exploits/15005
http://www.securityfocus.com/archive/1/513706/100/0/threaded
http://www.securityfocus.com/bid/43219
http://www.vupen.com/english/advisories/2010/2381 Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-177/
https://exchange.xforce.ibmcloud.com/vulnerabilities/61790
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-16T20:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2010-09-16T00:00:00

Link: CVE-2010-3407

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-09-16T21:00:02.233

Modified: 2018-10-10T20:01:47.303

Link: CVE-2010-3407

JSON object: View

cve-icon Redhat Information

No data.

CWE