CVE-2009-3114

IBM Lotus Notes 8.0 and 8.5 - Remote Code Execution via RSS Reader Widget

Description

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

References (5)

Various Sources x_refsource_misc
http://www.scip.ch/?vuldb.4021
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21403834
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36813
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506296/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36305

Scores

EPSS 0.0225
EPSS Percentile 80.7%

Details

CWE CWE-94
Status published
Products (1)
ibm/lotus_notes 8.5
Published Sep 09, 2009
Tracked Since Feb 18, 2026