IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability

Product: Lotus Domino Server
Severity: High
CVE Reference: N/A
Type: IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability

An unauthenticated remote code execution vulnerability was identified in the code that converts and checks an iCalendar email address parameter. An overly large email address string can overflow a stack-allocated buffer because of insufficient bounds checking when a CStrcpy (string copy) is performed. A remote, unauthenticated attacker could execute code in the context of the Lotus Domino server process (nrouter.exe) by sending a specially crafted malicious email to the Lotus Domino SMTP server.
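
The missing bounds check described above, shown in its corrected form as an added example (not IBM's code and not from the original advisory): the address length is measured before the copy and an oversized value is rejected instead of truncated. The names `extract_mailto` and `has_prefix_ci`, the 256-byte `ADDR_MAX`, and the sample line are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 256  /* assumed buffer size, not taken from Domino */
enum addr_status { ADDR_OK = 0, ADDR_NONE = -1, ADDR_TOO_LONG = -2 };

/* Case-insensitive prefix test; prefix must be lower case. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; s++, prefix++)
        if (tolower((unsigned char)*s) != *prefix)
            return 0;
    return 1;
}

/* Hypothetical helper: copy the mailto: address of one iCalendar property
 * line (ORGANIZER, ATTENDEE, ...) into out. The length is measured and
 * checked before any byte is written; oversized input is rejected, not
 * truncated, so the caller can refuse the message. */
enum addr_status extract_mailto(const char *line, char *out, size_t outlen)
{
    const char *p;
    if (line == NULL || out == NULL || outlen == 0)
        return ADDR_NONE;
    out[0] = '\0';
    for (p = line; *p != '\0' && !has_prefix_ci(p, "mailto:"); p++)
        ;
    if (*p == '\0')
        return ADDR_NONE;
    p += strlen("mailto:");

    size_t n = strcspn(p, ";,\"\r\n");  /* address ends at delimiter or EOL */
    if (n == 0)
        return ADDR_NONE;
    if (n >= outlen)                     /* no room for address plus NUL */
        return ADDR_TOO_LONG;
    memcpy(out, p, n);
    out[n] = '\0';
    return ADDR_OK;
}

int main(void)
{
    char addr[ADDR_MAX];
    const char *sample = "ATTENDEE;CN=Bob:mailto:bob@example.com"; /* constructed */
    int rc = extract_mailto(sample, addr, sizeof addr);
    printf("rc=%d addr=%s\n", rc, addr);
}
```

Returning a distinct `ADDR_TOO_LONG` status lets the mail-handling path log and refuse the message rather than continue with a silently shortened address.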