Vigil@nce - IBM Notes: executing DLL code
May 2018 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious DLL, and then put it in the
current directory of IBM Notes, in order to execute code.
Impacted products: Notes.
Severity: 2/4.
Creation date: 09/03/2018.
DESCRIPTION OF THE VULNERABILITY
The IBM Notes product uses external shared libraries (DLL).
However, if the working directory contains a malicious DLL, it is
automatically loaded.
An attacker can therefore create a malicious DLL, and then put it
in the current directory of IBM Notes, in order to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-Notes-executing-DLL-code-25509