Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3114

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3114
Last Modified 01 Oct 2009 12:00:00
Published 09 Sep 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3114

Summary

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

Vulnerable Systems

Application

  • Ibm Lotus Notes 8.5


References

BID - 36305

BUGTRAQ - 20090908 [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation

MISC - http://www.scip.ch/?vuldb.4021

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21403834

SECUNIA - 36813


Last Updated: 27 May 2016 10:51:08