CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.1%
Added: 09/24/2010
CVE: CVE-2010-3407
BID: 43219
OSVDB: 68040
IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.
A buffer overflow in the nrouter.exe service allows remote attackers to execute arbitrary commands by sending an iCalendar message containing a long, specially crafted MAILTO header to an e-mail address on the server.
Upgrade to Lotus Domino 8.0.2 Fix Pack 5, 8.5.1 Fix Pack 2, or 8.5.2 or higher.
<http://www-01.ibm.com/support/docview.wss?uid=swg21446515>
<http://www.zerodayinitiative.com/advisories/ZDI-10-177/>
The exploit works on Lotus Domino 8.5 and requires the e-mail address of a valid mailbox on the server.
Windows