CVE-2010-3407

Sažetak

Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.

Reference

http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/
http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf
http://secunia.com/advisories/41433
http://securitytracker.com/id?1024448
http://www.exploit-db.com/exploits/15005
http://www.securityfocus.com/archive/1/513706/100/0/threaded
http://www.securityfocus.com/bid/43219
http://www.vupen.com/english/advisories/2010/2381
http://www.zerodayinitiative.com/advisories/ZDI-10-177/
http://www-01.ibm.com/support/docview.wss?uid=swg21446515
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument
http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument
https://exchange.xforce.ibmcloud.com/vulnerabilities/61790

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

10-10-2018 - 20:01

Objavljeno

16-09-2010 - 21:00