Vulnerability Description
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Notes | 8.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36813Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21403834Vendor Advisory
- http://www.scip.ch/?vuldb.4021
- http://www.securityfocus.com/archive/1/506296/100/0/threaded
- http://www.securityfocus.com/bid/36305
- http://secunia.com/advisories/36813Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21403834Vendor Advisory
- http://www.scip.ch/?vuldb.4021
- http://www.securityfocus.com/archive/1/506296/100/0/threaded
- http://www.securityfocus.com/bid/36305
FAQ
What is CVE-2009-3114?
CVE-2009-3114 is a vulnerability with a CVSS score of 7.5 (HIGH). The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machin...
How severe is CVE-2009-3114?
CVE-2009-3114 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3114?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Notes.