DLL Hijacking Vulnerability in IBM iNotes by IBM
CVE-2017-1711
7.8HIGH
Summary
IBM iNotes versions 8.5 and 9.0 are susceptible to a DLL hijacking vulnerability that allows an attacker to execute arbitrary code. This occurs when iNotes is tricked into loading a malicious DLL file disguised as a legitimate Windows DLL from the temp directory. Proper validation and security configurations are essential to prevent the exploitation of this vulnerability.
Affected Version(s)
Client Application Access 1.0.0.1
Client Application Access 1.0.1.1
Client Application Access 1.0.1.2
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved