CVE-2012-2174

IBM Lotus Notes 8.x - Remote Code Execution via Crafted notes:// URL


Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2174. PoCs published by Metasploit, Moritz Jodeit, Sean de Regge, juan vazquez, including Metasploit module exploits/windows/browser/notes_handler_cmdinject.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in IBM Lotus Notes Client via a crafted notes:// URL, leading to arbitrary command execution. It delivers a payload through an HTTP server and uses JavaScript to trigger the exploit.

Description

The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/23650

This Metasploit module exploits a command injection vulnerability in IBM Lotus Notes Client via a crafted notes:// URL, leading to arbitrary command execution. It delivers a payload through an HTTP server and uses JavaScript to trigger the exploit.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IBM Lotus Notes Client <= 8.5.3
No auth needed
Prerequisites: Victim must visit a malicious URL or open a crafted link · IBM Lotus Notes Client installed on the target system
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Moritz Jodeit, Sean de Regge, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/notes_handler_cmdinject.rb

This Metasploit module exploits a command injection vulnerability in IBM Lotus Notes Client via a crafted notes:// URL, allowing arbitrary command execution. It delivers a payload through a malicious HTML page that triggers the vulnerability when rendered.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IBM Lotus Notes Client <= 8.5.3
No auth needed
Prerequisites: Victim must open a malicious URL in a browser with Lotus Notes Client installed
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Various Sources (x_refsource_confirm): http://www.ibm.com/support/docview.wss?uid=swg21598348
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/75320

Scores

EPSS 0.3829
EPSS Percentile 98.4%

Details

CWE: CWE-94
Status: published
Products (27)
ibm/lotus_notes 8.0
ibm/lotus_notes 8.0.0
ibm/lotus_notes 8.0.1
ibm/lotus_notes 8.0.2
ibm/lotus_notes 8.0.2.0
ibm/lotus_notes 8.0.2.1
ibm/lotus_notes 8.0.2.2
ibm/lotus_notes 8.0.2.3
ibm/lotus_notes 8.0.2.4
ibm/lotus_notes 8.0.2.5
... and 17 more
Published Jun 20, 2012
Tracked Since Feb 18, 2026