IBM Support

Stack buffer overflow vulnerability in Lotus Domino iCalendar functionality

Technote (troubleshooting)


MWR InfoSecurity and TippingPoint's Zero Day Initiative (ZDI) contacted IBM Lotus to report a potential buffer overflow vulnerability with the Lotus Domino iCalendar functionality.

It is possible to cause a buffer overflow situation based on the iCalendar content included in a calendar invitation.

To exploit this vulnerability, an attacker would have to send an iCalendar invitation with specific parameters. The vulnerability is exposed when the Domino server processes that content, which could result in remote code execution.

(Original publish date September 14, 2010. See "Change History" below.)

Resolving the problem

For related information, see the following advisories:

Recommended Fix

This issue was reported to Quality Engineering as SPR# NRBY7ZPJ9V. To address the issue, customers are encouraged to upgrade to the following releases:


There are no known workarounds.

Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: < 9.3 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 8.6 >
CVSS Temporal Score: < 7.3 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 7.3 >
Base Score Metrics:
  • Related exploit range/Attack Vector: < Network >
  • Access Complexity: < Medium >
  • Authentication: < None >
  • Confidentiality Impact: < Complete >
  • Integrity Impact: < Complete >
  • Availability Impact: < Complete >
Temporal Score Metrics:
  • Exploitability: < Proof of Concept Code >
  • Remediation Level: < Official Fix >
  • Report Confidence: < Confirmed >

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
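The scores above can be reproduced from the listed metrics with the CVSS v2 equations, and the same equations give an environmental score once site-specific values are chosen. The following is an added example, not part of IBM's advisory; the function names and the sample environment values (collateral damage potential 0.3, target distribution 0.75) are assumptions made for illustration.

```python
import math

# CVSS v2 weights from the CVSS v2 specification (only the tables this example needs).
AV = {"Network": 1.0, "Adjacent Network": 0.646, "Local": 0.395}
AC = {"Low": 0.71, "Medium": 0.61, "High": 0.35}
AU = {"None": 0.704, "Single": 0.56, "Multiple": 0.45}
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
E = {"Unproven": 0.85, "Proof of Concept Code": 0.90, "Functional": 0.95, "High": 1.0}
RL = {"Official Fix": 0.87, "Temporary Fix": 0.90, "Workaround": 0.95, "Unavailable": 1.0}
RC = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0}

# Metric values exactly as listed in this advisory.
ADVISORY = {"AV": "Network", "AC": "Medium", "Au": "None",
            "C": "Complete", "I": "Complete", "A": "Complete",
            "E": "Proof of Concept Code", "RL": "Official Fix", "RC": "Confirmed"}

def round1(x):
    """Round half up to one decimal place, as the CVSS v2 equations require."""
    return math.floor(x * 10 + 0.5) / 10

def scores(m, cdp=0.0, td=1.0, cr=1.0, ir=1.0, ar=1.0):
    """Return CVSS v2 scores; the defaults are the 'Not Defined' environmental weights."""
    c, i, a = CIA[m["C"]], CIA[m["I"]], CIA[m["A"]]
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    temporal_factor = E[m["E"]] * RL[m["RL"]] * RC[m["RC"]]

    def base_from(impact):
        f = 0.0 if impact == 0 else 1.176
        return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f)

    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    base = base_from(impact)
    temporal = round1(base * temporal_factor)
    # Environmental: re-weight impact by the security requirements (cr, ir, ar), then
    # apply collateral damage potential (cdp) and target distribution (td).
    adj_impact = min(10.0, 10.41 * (1 - (1 - c * cr) * (1 - i * ir) * (1 - a * ar)))
    adj_temporal = round1(base_from(adj_impact) * temporal_factor)
    environmental = round1((adj_temporal + (10 - adj_temporal) * cdp) * td)
    return {"impact": round1(impact), "exploitability": round1(exploitability),
            "base": base, "temporal": temporal, "environmental": environmental}

if __name__ == "__main__":
    print(scores(ADVISORY))                    # the advisory's own metrics
    # Constructed environment: CDP Low-Medium (0.3), Target Distribution Medium (0.75).
    print(scores(ADVISORY, cdp=0.3, td=0.75))
```

With every environmental metric left at "Not Defined", the environmental result equals the temporal score, which is why the advisory's overall score matches its temporal score.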

Change History
10 October 2010 Updated product versions list.
14 September 2010 Initial publication.

Cross reference information
Segment: Messaging Applications
Product: IBM Notes
Component: Calendaring and Scheduling

Document information

More support for: IBM Domino

Software version: 6.5, 7.0, 8.0, 8.5, 8.5.1

Operating system(s): AIX, Linux, Solaris, Windows, z/OS

Reference #: 1446515

Modified date: 13 October 2010
