CVE-2017-1711

Published: 13/02/2018 | Updated: 13/03/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory. IBM X-Force ID: 134532.

Vulnerable Product

ibm notes 9.0.0.0

ibm notes 8.5.0.0

ibm notes 8.5.1.0

ibm notes 8.5.2.0

ibm notes 8.5.3.0

ibm notes 9.0.1.0

ibm client application access 1.0.1.1

ibm client application access 1.0.1.2

ibm client application access 1.0.1.0

Recent Articles

If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast
The Register • Richard Chirgwin • 12 Feb 2018

Also: Big Blue's Meltdown, Spectre status updated, and a mystery bug in AIX

IBM has warned that bugs in its Notes auto-updater mean the service can be tricked into running malicious code. In its advisory, IBM says the Notes Smart Updater service, which sees upgrades of Notes sent to users' desktops, “can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory.” Compromising an auto-updater is serious business: users trust them to bring in safe code, in this case new versions of Notes. Flaws in such a service are theref...