// For flags

CVE-2010-3407

IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

Desbordamiento de búfer basado en pila en la función MailCheck821Address en nnotes.dll en el servicio nrouter.exe en el servidor IBM Lotus Domino v8.0.x anterior a v8.0.2 FP5 y v8.5.x anterior a v8.5.1 FP2 permite a atacantes remotos ejecutar código a su elección a través de una dirección de correo electrónico larga en un encabezado ORGANIZER:mailto en una mensaje de correo de invitación de calendario iCalendar, también conocido como SPR NRBY7ZPJ9V.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-09-14 First Exploit
  • 2010-09-16 CVE Reserved
  • 2010-09-16 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0
Search vendor "Ibm" for product "Lotus Domino" and version "8.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.3
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.4
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.0
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.1"
-
Affected