Vigil@nce - IBM Notes: executing DLL code via System Diagnostics
May 2018 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious System Diagnostics DLL, and
then put it in the current directory of IBM Notes, in order to
execute code.
Impacted products: Notes.
Severity: 2/4.
Creation date: 09/03/2018.
DESCRIPTION OF THE VULNERABILITY
The IBM Notes product loads external shared libraries (DLLs).
However, if the working directory contains a malicious System
Diagnostics DLL, Notes loads it automatically.
An attacker can therefore create a malicious System Diagnostics
DLL, and then put it in the current directory of IBM Notes, in
order to execute code.
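Added example (not part of the Vigil@nce bulletin, nor IBM code): a simplified Python model of the documented Windows desktop DLL search order, showing when a DLL that exists only in the working directory gets resolved and how removing the current directory from the search path stops it. All directory names, file listings and the name diag_helper.dll are constructed placeholders; KnownDLLs, manifests and already-loaded modules are ignored.

```python
# Simplified model of the Windows desktop DLL search order (added example).
# Every path, listing and DLL name below is constructed sample data.

def search_order(app_dir, cwd, path_dirs, safe_mode=True, cwd_removed=False):
    """Return the ordered (label, directory) pairs the loader would probe."""
    system = [("system", r"C:\Windows\System32"),
              ("system16", r"C:\Windows\System"),
              ("windows", r"C:\Windows")]
    order = [("application", app_dir)]
    if not cwd_removed and not safe_mode:
        order.append(("cwd", cwd))   # legacy order: CWD is probed second
    order += system
    if not cwd_removed and safe_mode:
        order.append(("cwd", cwd))   # SafeDllSearchMode: CWD after system dirs
    order += [("path", d) for d in path_dirs]
    return order

def resolve(dll, listing, order):
    """Return the first (label, directory) in order that contains dll, or None."""
    for label, directory in order:
        names = {n.lower() for n in listing.get(directory, ())}
        if dll.lower() in names:
            return label, directory
    return None

def loaded_from_cwd(dlls, listing, order):
    """List the requested DLLs that would be satisfied from the working directory."""
    hits = []
    for dll in dlls:
        found = resolve(dll, listing, order)
        if found and found[0] == "cwd":
            hits.append(dll)
    return hits

APP = r"C:\Program Files\ExampleApp"    # hypothetical install directory
CWD = r"C:\Users\alice\Downloads"       # hypothetical working directory
LISTING = {                             # constructed directory contents
    APP: ["exampleapp.exe", "core.dll"],
    r"C:\Windows\System32": ["version.dll"],
    CWD: ["report.nsf", "version.dll", "diag_helper.dll"],
}
WANTED = ["core.dll", "version.dll", "diag_helper.dll"]

if __name__ == "__main__":
    for name, kw in [("safe", {}), ("legacy", {"safe_mode": False}),
                     ("cwd removed", {"cwd_removed": True})]:
        order = search_order(APP, CWD, [], **kw)
        print(name, "->", loaded_from_cwd(WANTED, LISTING, order))
```

In the model, a DLL that is absent from the application and system directories is taken from the working directory even with SafeDllSearchMode enabled; only dropping the current directory from the search order (what SetDllDirectory("") does for a process) leaves it unresolved.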
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-Notes-executing-DLL-code-via-System-Diagnostics-25510