CVE-2009-3038

IBM Lotus Notes Connector - Denial of Service via lnresobject.dll ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3038. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Lotus Notes Connector for Blackberry Manager by instantiating a vulnerable ActiveX control (CLSID: {158CD9E8-E195-4E82-9A78-0CF6B86B3629}) via an HTML object tag, resulting in a remote Denial of Service (DoS) condition.

Description

A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/9517

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Lotus Notes Connector for Blackberry Manager by instantiating a vulnerable ActiveX control (CLSID: {158CD9E8-E195-4E82-9A78-0CF6B86B3629}) via an HTML object tag, resulting in a remote Denial of Service (DoS) condition.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Lotus Notes Connector for Blackberry Manager 5.0.0.11 (lnresobject.dll 7.1.1.119)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 or 8

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9517

Scores

EPSS 0.0346

EPSS Percentile 87.5%

Details

Status published

Products (1)

ibm/lotus_notes_connector

Published Sep 01, 2009

Tracked Since Feb 18, 2026