IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability

  • Published: 14 Sep 2010

Type

  • IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability

Severity

  • High

Affected products

  • Lotus Domino Server

Date

  • 2010-09-14

CVE Reference

  • N/A

An unauthenticated remote code execution vulnerability was identified in the code that converts and checks an iCalendar email address parameter. An overly long email address string can overflow a stack-allocated buffer because a CStrcpy (string copy) is performed with insufficient bounds checking. A remote, unauthenticated attacker could execute code in the context of the Lotus Domino server process (nrouter.exe) by sending a specially crafted email to the Lotus Domino SMTP server.
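
A gateway-side check for the condition described above, as an added example that is not part of the original advisory or of IBM's code: it unfolds iCalendar content lines (RFC 5545) before measuring, because a long address is normally split across folded lines, and reports any mailto: address longer than an SMTP path allows. The 254-octet limit, the function names and the sample message are assumptions constructed for illustration.

```python
import re

# Assumption: 254 octets is the longest address that fits an SMTP path
# (RFC 5321 limits a path to 256 octets including the angle brackets).
MAX_ADDR_OCTETS = 254

# A mailto: URI, up to the first character that can end it in a content line.
MAILTO = re.compile(r'mailto:([^\s";:,<>]*)', re.IGNORECASE)


def unfold(ical_text):
    """Undo RFC 5545 folding: a line break followed by a space or tab is removed."""
    return re.sub(r'\r?\n[ \t]', '', ical_text).splitlines()


def oversized_addresses(ical_text, limit=MAX_ADDR_OCTETS):
    """Return (property_name, octet_length) for every mailto: address over limit."""
    findings = []
    for line in unfold(ical_text):
        # The property name ends at the first ';' (parameters) or ':' (value).
        prop = re.split(r'[;:]', line, maxsplit=1)[0].upper()
        for match in MAILTO.finditer(line):
            size = len(match.group(1).encode('utf-8'))
            if size > limit:
                findings.append((prop, size))
    return findings


# Constructed sample: one normal attendee, and an organizer whose address is
# over the limit and folded at 74 characters as a conforming generator would do.
long_line = "ORGANIZER;CN=Test:mailto:" + "a" * 300 + "@example.test"
folded = "\r\n ".join(long_line[i:i + 74] for i in range(0, len(long_line), 74))
SAMPLE = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\n"
    "ATTENDEE;CN=Bob:mailto:bob@example.test\r\n"
    + folded + "\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    print(oversized_addresses(SAMPLE))
```

A filter like this can quarantine a message before it reaches the mail server; it does not replace fixing the unbounded copy itself.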