RCE in Ibm Lotus_notes
CVE-2012-2174
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.646 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Ibm Lotus_notes — versions 8.0, 8.0.0, 8.0.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- psirt@us.ibm.com (x_refsource_CONFIRM)
- lotusnotes-notes-command-execution(75320) (vdb-entry, x_refsource_XF)
Frequently asked questions
- What is CVE-2012-2174?
- CVE-2012-2174 is a vulnerability in Ibm Lotus_notes, classified under Code Injection. Published 2012-06-20.
- Is CVE-2012-2174 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.