CVE-2009-3114 Information

Description

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents which allows remote attackers to execute arbitrary script in Internet Explorer’s Local Machine Zone via a crafted feed aka SPR RGAU7RDJ9K.

Reference

http://secunia.com/advisories/36813 http://www.scip.ch/?vuldb.4021 http://www.securityfocus.com/archive/1/506296/100/0/threaded http://www.securityfocus.com/bid/36305 http://www-01.ibm.com/support/docview.wss?uid=swg21403834