Look Ma, No Content
Feel free to donate
Chris @ MyITforum
Subscribe in a reader
Subscribe to Chris Mosby at myITforum.com by Email
Internet Explorer "Print Table of Links" Cross-Zone Scripting Secunia Advisory:SA30141 Release Date:2008-05-14 Critical:Less critical Impact:System access Where:From remote Solution Status:Unpatched Software:Microsoft Internet Explorer 6.xMicrosoft Internet Explorer 7.xDescription:Aviv Raff has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.Input passed via links within an HTML file is not being properly sanitised before being used to generate a printable HTML file. This can be exploited to inject arbitrary script code, which is executed in local context when a user is enticed to print a specially crafted HTML document with the "Print table of links" option enabled.Successful exploitation allows execution of arbitrary code.The vulnerability is confirmed in Internet Explorer 6 and 7 on a fully patched Windows XP SP2. Other versions may also be affected.Solution:Do not print HTML files from untrusted sources with the "Print table of links" option.Provided and/or discovered by:Aviv RaffOriginal Advisory:http://aviv.raffon.net/2008/05/14/Int...tCrossZoneScriptingVulnerability.aspx
Internet Explorer "Print Table of Links" Cross-Zone Scripting
Secunia Advisory:SA30141
Release Date:2008-05-14
Critical:Less critical
Impact:System access
Where:From remote
Solution Status:Unpatched
Software:Microsoft Internet Explorer 6.xMicrosoft Internet Explorer 7.x
Internet Explorer "Print Table of Links" Cross-Zone Scripting - Advisories - Secunia
No Comments