CVE-2010-3407
IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow
Public Exploits: 4
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
Timeline
- 2010-09-14 First Exploit
- 2010-09-16 CVE Reserved
- 2010-09-16 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (16)
URL | Tag | Source |
---|---|---|
http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow | X_refsource_confirm | |
http://securitytracker.com/id?1024448 | Vdb Entry | |
http://www.securityfocus.com/archive/1/513706/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/43219 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-10-177 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/61790 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/15005 | 2010-09-14 | |
https://www.exploit-db.com/exploits/17151 | 2011-04-04 | |
http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf | 2024-08-07 | |
http://www.exploit-db.com/exploits/15005 | 2024-08-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Lotus Domino | 8.0 | - | Affected |
IBM | Lotus Domino | 8.0.1 | - | Affected |
IBM | Lotus Domino | 8.0.2 | - | Affected |
IBM | Lotus Domino | 8.0.2.1 | - | Affected |
IBM | Lotus Domino | 8.0.2.2 | - | Affected |
IBM | Lotus Domino | 8.0.2.3 | - | Affected |
IBM | Lotus Domino | 8.0.2.4 | - | Affected |
IBM | Lotus Domino | 8.5.0 | - | Affected |
IBM | Lotus Domino | 8.5.0.1 | - | Affected |
IBM | Lotus Domino | 8.5.1 | - | Affected |
IBM | Lotus Domino | 8.5.1.1 | - | Affected |