CVE-2017-1130

MEDIUM

IBM Notes 8.5-9.0 - Denial of Service via Malicious Link

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-1130. PoCs published by Dhiraj Mishra, including Metasploit module auxiliary/dos/http/ibm_lotus_notes2.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in IBM Notes by repeatedly opening file dialog windows via JavaScript, causing the client to become unresponsive and require a restart.

Description

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Dhiraj Mishra · htmldosmultiple
https://www.exploit-db.com/exploits/42604

This exploit demonstrates a denial of service (DoS) vulnerability in IBM Notes by repeatedly opening file dialog windows via JavaScript, causing the client to become unresponsive and require a restart.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: IBM Notes (unspecified version)
No auth needed
Prerequisites: User interaction (clicking a malicious link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Dhiraj Mishra · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/ibm_lotus_notes2.rb

This exploit targets a DoS vulnerability in IBM Lotus Notes' native browser by repeatedly triggering file input dialogs via JavaScript, causing the browser to crash. The PoC serves a malicious HTML page via an HTTP server.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: IBM Lotus Notes (versions affected by CVE-2017-1130)
No auth needed
Prerequisites: Victim must visit the malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/121371
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21999384
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42604/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100632

Scores

CVSS v3 6.5
EPSS 0.6548
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Status published
Products (19)
ibm/inotes 8.5.0.0
ibm/inotes 8.5.1.0
ibm/inotes 8.5.1.1
ibm/inotes 8.5.1.5
ibm/inotes 8.5.2.0
ibm/inotes 8.5.2.1
ibm/inotes 8.5.2.4
ibm/inotes 8.5.3.0
ibm/inotes 8.5.3.1
ibm/inotes 8.5.3.6
... and 9 more
Published Sep 05, 2017
Tracked Since Feb 18, 2026