SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2010-3407

Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1024448

EXPLOIT-DB-15005

http://www.securityfocus.com/archive/1/513706/100/0/threaded

SECUNIA-41433

BID-43219

ADV-2010-2381

http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/

http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf

http://www-01.ibm.com/support/docview.wss?uid=swg21446515

http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument

http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument

http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument

http://www.zerodayinitiative.com/advisories/ZDI-10-177/

lotus-domino-icalendar-bo(61790)


30479



423868



248268



909



195051



282