← back
CVE-2017-1130

CVE-2017-1130

EPSS 29.2%
In short

IBM Notes 8.5 and 9.0 can be crashed if a user clicks a malicious link, which opens many file dialogs and freezes the application until restart.

Technical detail

A crafted link triggers excessive file selection dialog creation in IBM Notes 8.5/9.0, causing resource exhaustion and application hang. Attack requires user interaction (click) and results in denial of service to the client.

Summary generated and translated by AI from the official description.
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.
Affected products
IBM · Notes
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42604/unverifiedexploitdbwww.exploit-db.com/exploits/42604unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/121371https://www.exploit-db.com/exploits/42604/http://www.ibm.com/support/docview.wss?uid=swg21999384http://www.securityfocus.com/bid/100632