CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 09/07/2012
CVE: CVE-2012-2174
BID: 54070
OSVDB: 83063
Lotus Notes is the client for Lotus Domino servers.
Lotus Notes 8.5.3 (and earlier) is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS
command line argument to notes.exe
, which then launches rpclauncher.exe
. Also supplying the java -vm
command allows the attacker to execute arbitrary code in the context of the notes.exe
process.
Apply the updates as described in the IBM Security Bulletin.
<http://www.zerodayinitiative.com/advisories/ZDI-12-154/>
This exploit has been tested against IBM Lotus Notes 8.5.3 FP1 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).
The user must open the HTML page using Internet Explorer 8 or 9 on the target.
The binary βsmbclientβ must be available to the script.
The target must be able to access the specified SMB share anonymously.
A valid login and password with write permission for the specified SMB share are required.
Windows