Lotus Notes is the client for Lotus Domino servers.
Lotus Notes 8.5.3 (and earlier) is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line argument to notes.exe, which then launches rpclauncher.exe. Also supplying the java -vm command allows the attacker to execute arbitrary code in the context of the
Apply the updates as described in the IBM Security Bulletin.
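As a detection aid alongside the update, the following added example (not part of the IBM bulletin or of the exploit module described here) flags process-creation events in which notes.exe is started with the -RPARAMS argument, and raises the verdict when -vm is also present. The event tuples, file paths and verdict names are constructed for illustration, and treating -RPARAMS as absent from normal user launches is an assumption to validate against local telemetry.

```python
import ntpath
import re

# Option names come from the advisory text; matching is case-insensitive.
# The lookarounds stop "-vm" from matching longer options such as "-vmargs".
RPARAMS = re.compile(r"(?<![\w-])-rparams(?![\w-])", re.I)
VM = re.compile(r"(?<![\w-])-vm(?![\w-])", re.I)


def classify(image, cmdline):
    """Return 'ok', 'review' or 'alert' for one process-creation event."""
    if ntpath.basename(image).lower() != "notes.exe":
        return "ok"
    # Skip the first token (the executable path) so only arguments are scanned.
    first = re.match(r'\s*(?:"[^"]*"|\S+)', cmdline)
    args = cmdline[first.end():] if first else cmdline
    has_rparams = bool(RPARAMS.search(args))
    has_vm = bool(VM.search(args))
    if has_rparams and has_vm:
        return "alert"    # both arguments named in the advisory are present
    if has_rparams:
        return "review"   # assumption: not expected in a normal user launch
    return "ok"


def scan(events):
    """Return (verdict, cmdline) for every event that is not 'ok'."""
    hits = []
    for image, cmdline in events:
        verdict = classify(image, cmdline)
        if verdict != "ok":
            hits.append((verdict, cmdline))
    return hits


# Constructed sample events (image path, command line); not real telemetry,
# and the argument values are placeholders rather than a real payload.
NOTES = r"C:\Program Files\IBM\Lotus\Notes\notes.exe"
SAMPLE_EVENTS = [
    (NOTES, '"' + NOTES + '"'),
    (NOTES, '"' + NOTES + '" -RPARAMS -vm PLACEHOLDER'),
    (NOTES, '"' + NOTES + '" -rparams PLACEHOLDER'),
    (NOTES, '"' + NOTES + '" -vmargs -Xmx256m'),
    (r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo -RPARAMS -vm"),
]

if __name__ == "__main__":
    for verdict, cmdline in scan(SAMPLE_EVENTS):
        print(verdict, cmdline)
```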
This exploit has been tested against IBM Lotus Notes 8.5.3 FP1 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).
The user must open the HTML page using Internet Explorer 8 or 9 on the target.
The binary 'smbclient' must be available to the script.
The target must be able to access the specified SMB share anonymously.
A valid login and password with write permission for the specified SMB share are required.