This module exploits a remote stack-based buffer overflow vulnerability in the Nrouter.exe component of IBM Lotus Domino when it parses a BMP images. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. In order to make the Domino server parse the crafted e-mail message, you must supply any valid e-mail address within the target Lotus Domino domain. However, note that no user interaction is required in order to exploit the vulnerability. This module bypasses Data Execution Prevention.
CVE Link
Exploit Platform
Product Name