CVE-2009-3114: Code Injection
First published: Wed Sep 09 2009(Updated: )
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Notes | =8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3114?
CVE-2009-3114 is categorized as a medium vulnerability due to its potential to execute arbitrary scripts.
How do I fix CVE-2009-3114?
To fix CVE-2009-3114, upgrade to a patched version of IBM Lotus Notes that addresses this vulnerability.
What versions of IBM Lotus Notes are affected by CVE-2009-3114?
CVE-2009-3114 affects IBM Lotus Notes versions 8.0 and 8.5.
What type of attack is associated with CVE-2009-3114?
CVE-2009-3114 is associated with remote attacks that exploit crafted RSS feeds to execute scripts.
Can CVE-2009-3114 impact Internet Explorer?
Yes, CVE-2009-3114 can allow arbitrary script execution in Internet Explorer's Local Machine Zone.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm notes
- version/ibm notes/8.5