DLL Hijacking Vulnerability in IBM iNotes by IBM
CVE-2017-1711

7.8HIGH

Key Information:

Vendor
IBM
Status
Client Application Access
Notes
Vendor
CVE Published:
13 February 2018

Summary

IBM iNotes versions 8.5 and 9.0 are susceptible to a DLL hijacking vulnerability that allows an attacker to execute arbitrary code. This occurs when iNotes is tricked into loading a malicious DLL file disguised as a legitimate Windows DLL from the temp directory. Proper validation and security configurations are essential to prevent the exploitation of this vulnerability.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1.1

Client Application Access 1.0.1.2

References

http://www.ibm.com/support/docview.wss?uid=swg22010774
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg22010775
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/134532
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.