CVE-2010-3407
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Title source: llmDescription
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17151
exploitdb
WORKING POC
VERIFIED
by A. Plaskett · textremotemultiple
https://www.exploit-db.com/exploits/15005
metasploit
WORKING POC
NORMAL
by A. Plaskett, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/lotus/domino_icalendar_organizer.rb
References (14)
Scores
EPSS
0.7774
EPSS Percentile
99.0%
Details
CWE
CWE-119
Status
published
Products (11)
ibm/lotus_domino
8.0
ibm/lotus_domino
8.0.1
ibm/lotus_domino
8.0.2
ibm/lotus_domino
8.0.2.1
ibm/lotus_domino
8.0.2.2
ibm/lotus_domino
8.0.2.3
ibm/lotus_domino
8.0.2.4
ibm/lotus_domino
8.5.0
ibm/lotus_domino
8.5.0.1
ibm/lotus_domino
8.5.1
... and 1 more
Published
Sep 16, 2010
Tracked Since
Feb 18, 2026