Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3407Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Domino

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
77.7%
top 1.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Domino
Timeline
PublishedSep 16
Latest updateMay 14

Description

Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDibm/lotus_domino11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-2g3x-26wj-3wgm: Stack-based buffer overflow in the MailCheck821Address function in nnotes2022-05-14
CVEList
CVE-2010-3407: Stack-based buffer overflow in the MailCheck821Address function in nnotes2010-09-16

💥Exploits & PoCs

2
Exploit-DB
IBM Lotus Domino iCalendar - MAILTO Buffer Overflow (Metasploit)2011-04-04
Exploit-DB
IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow2010-09-14
CVE-2010-3407 — IBM Lotus Domino vulnerability | cvebase