Vulnerability & Exploit Database

Back to search

IBM Lotus Notes Client URL Handler Command Injection

This module exploits a command injection vulnerability in the URL handler for for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with a specially crafted notes:// URL to execute arbitrary commands with also arbitrary arguments. This module has been tested successfully on Windows XP SP3 with IE8, Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Moritz Jodeit
  • Sean de Regge
  • juan vazquez <juan.vazquez [at]>



  • Automatic


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/notes_handler_cmdinject msf exploit(notes_handler_cmdinject) > show targets ...targets... msf exploit(notes_handler_cmdinject) > set TARGET <target-id> msf exploit(notes_handler_cmdinject) > show options and set options... msf exploit(notes_handler_cmdinject) > exploit