CVE-2009-3114

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

History

21 Nov 2024, 01:06

Type Values Removed Values Added
References () http://secunia.com/advisories/36813 - Vendor Advisory () http://secunia.com/advisories/36813 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21403834 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21403834 - Vendor Advisory
References () http://www.scip.ch/?vuldb.4021 - () http://www.scip.ch/?vuldb.4021 -
References () http://www.securityfocus.com/archive/1/506296/100/0/threaded - () http://www.securityfocus.com/archive/1/506296/100/0/threaded -
References () http://www.securityfocus.com/bid/36305 - () http://www.securityfocus.com/bid/36305 -

Information

Published : 2009-09-09 22:30

Updated : 2024-11-21 01:06


NVD link : CVE-2009-3114

Mitre link : CVE-2009-3114

CVE.ORG link : CVE-2009-3114


JSON object : View

Products Affected

ibm

  • lotus_notes
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')