The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
References
Configurations
History
21 Nov 2024, 01:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/36813 - Vendor Advisory | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21403834 - Vendor Advisory | |
References | () http://www.scip.ch/?vuldb.4021 - | |
References | () http://www.securityfocus.com/archive/1/506296/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/36305 - |
Information
Published : 2009-09-09 22:30
Updated : 2024-11-21 01:06
NVD link : CVE-2009-3114
Mitre link : CVE-2009-3114
CVE.ORG link : CVE-2009-3114
JSON object : View
Products Affected
ibm
- lotus_notes
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')