Wednesday, May 14, 2008

Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability

Aviv Raff posted the following vulnerability on his blog....the 0day treasure hunt is over.

Summary

Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature. This feature allows users to add to a printed web page an appendix which contains a table of all the links in that webpage.

An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the user’s machine (i.e. in order to take control over the machine).

Affected version

Internet Explorer 7.0 and 8.0b on a fully patched Windows XP.

Windows Vista with UAC enabled is partially affected (Information Leakage only).

Earlier versions of Internet Explorer may also be affected.

---------------------

A live proof-of-concept can be found at milw0rm.

No comments:

Post a Comment