DLL Hijacking Vulnerability in IBM iNotes by IBM
CVE-2017-1711

7.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
13 February 2018

Summary

IBM iNotes versions 8.5 and 9.0 are susceptible to a DLL hijacking vulnerability that allows an attacker to execute arbitrary code. This occurs when iNotes is tricked into loading a malicious DLL file disguised as a legitimate Windows DLL from the temp directory. Proper validation and security configurations are essential to prevent the exploitation of this vulnerability.

Affected Version(s)

Client Application Access 1.0.0.1

Client Application Access 1.0.1.1

Client Application Access 1.0.1.2

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.