| Product | Lotus Domino Server |
| Severity | High |
| CVE Reference | N/A |
| Type | IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability |
An unauthenticated remote code execution vulnerability was identified in the code handling the conversion and checking of an iCalendar email address parameter. An overly large email address string can lead to the overflow of a stack allocated buffer due to insufficient bounds checking when a CStrcpy (string copy) is performed. A remote, unauthenticated attacker could execute code in the context of the Lotus Domino server process (nrouter.exe) by sending a specially crafted malicious email to the Lotus Domino SMTP server.