CVE-2009-3114
IBM Lotus Notes 8.0 and 8.5 - Remote Code Execution via RSS Reader Widget
Title source: llmDescription
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://www.scip.ch/?vuldb.4021
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21403834
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36813
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506296/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36305
Scores
EPSS
0.0225
EPSS Percentile
80.7%
Details
CWE
CWE-94
Status
published
Products (1)
ibm/lotus_notes
8.5
Published
Sep 09, 2009
Tracked Since
Feb 18, 2026