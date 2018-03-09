Vigil@nce - IBM Notes: executing DLL code via System Diagnostics

SYNTHESIS OF THE VULNERABILITY

An attacker can create a malicious System Diagnostics DLL, and then put it in the current directory of IBM Notes, in order to execute code.

Impacted products: Notes.

Severity: 2/4.

Creation date: 09/03/2018.

DESCRIPTION OF THE VULNERABILITY

The IBM Notes product uses external shared libraries (DLL).

However, if the working directory contains a malicious System Diagnostics DLL, it is automatically loaded.

An attacker can therefore create a malicious System Diagnostics DLL, and then put it in the current directory of IBM Notes, in order to execute code.

