Lucene search
SAINT CorporationSAINT:40796377B4B8B88F317960E194C25F73HistorySep 24, 2010 - 12:00 a.m.
Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow
2010-09-2400:00:00
SAINT Corporation
download.saintcorporation.com
26
EPSS
0.928
Percentile
99.1%
Added: 09/24/2010
CVE: CVE-2010-3407
BID: 43219
OSVDB: 68040
Background
IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.
Problem
A buffer overflow in the nrouter.exe service allows remote attackers to execute arbitrary commands by sending an iCalendar message containing a long, specially crafted MAILTO header to an e-mail address on the server.
Resolution
Upgrade to Lotus Domino 8.0.2 Fix Pack 5, 8.5.1 Fix Pack 2, or 8.5.2 or higher.
References
<http://www-01.ibm.com/support/docview.wss?uid=swg21446515>
<http://www.zerodayinitiative.com/advisories/ZDI-10-177/>
Limitations
Exploit works on Lotus Domino 8.5 and requires the e-mail address of a valid mailbox on the server.
Platforms
Windows
Related
metasploit
metasploit
IBM Lotus Domino iCalendar MAILTO Buffer Overflow
2011-04-04 17:43:34
saint
saint
Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow
2010-09-24 00:00:00
Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow
2010-09-24 00:00:00
Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow
2010-09-24 00:00:00
prion
prion
Stack overflow
2010-09-16 21:00:00
openvas
openvas
IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability
2010-09-29 00:00:00
nessus
nessus
d2
d2
DSquare Exploit Pack: D2SEC_LOTUSCAL
2010-09-16 21:00:00
packetstorm
packetstorm
IBM Lotus Domino iCalendar MAILTO Buffer Overflow
2011-04-06 00:00:00
exploitdb
exploitdb
IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow
2010-09-14 00:00:00
IBM Lotus Domino iCalendar - MAILTO Buffer Overflow (Metasploit)
2011-04-04 00:00:00
cvelist
cvelist
CVE-2010-3407
2010-09-16 20:00:00
nvd
nvd
CVE-2010-3407
2010-09-16 21:00:02
cve
cve
CVE-2010-3407
2010-09-16 21:00:02