CVE-2018-1435

Published: Mar 14, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.

Affected (11)

Products: Ibm: Notes

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Ibm Notes	Version 8.5.0.2
Ibm Notes	Version 8.5.1.5
Ibm Notes	Version 8.5.1
Ibm Notes	Version 8.5.2.4
Ibm Notes	Version 8.5.2
Ibm Notes	Version 8.5.3.6
Ibm Notes	Version 8.5.3
Ibm Notes	Version 8.5
Ibm Notes	Version 9.0.1.9
Ibm Notes	Version 9.0.1
Ibm Notes	Version 9.0

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (8)

http://www.ibm.com/support/docview.wss?uid=swg22014198

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103404

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040563

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/139563

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg22014198

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/103404

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040563

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/139563

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.