CVE-2012-2174
IBM Lotus Notes - Code Injection
Title source: ruleDescription
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/23650
metasploit
WORKING POC
EXCELLENT
by Moritz Jodeit, Sean de Regge, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/notes_handler_cmdinject.rb
Scores
EPSS
0.6462
EPSS Percentile
98.5%
Details
CWE
CWE-94
Status
published
Products (27)
ibm/lotus_notes
8.0
ibm/lotus_notes
8.0.0
ibm/lotus_notes
8.0.1
ibm/lotus_notes
8.0.2
ibm/lotus_notes
8.0.2.0
ibm/lotus_notes
8.0.2.1
ibm/lotus_notes
8.0.2.2
ibm/lotus_notes
8.0.2.3
ibm/lotus_notes
8.0.2.4
ibm/lotus_notes
8.0.2.5
... and 17 more
Published
Jun 20, 2012
Tracked Since
Feb 18, 2026