TITLE:
Internet Explorer "Print Table of Links" Cross-Zone Scripting

SECUNIA ADVISORY ID:
SA30141

VERIFY ADVISORY:
http://secunia.com/advisories/30141/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
Aviv Raff has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

Input passed via links within an HTML file is not being properly
sanitised before being used to generate a printable HTML file. This
can be exploited to inject arbitrary script code, which is executed
in local context when a user is enticed to print a specially crafted
HTML document with the "Print table of links" option enabled.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Internet Explorer 6 and 7 on a
fully patched Windows XP SP2. Other versions may also be affected.

SOLUTION:
Do not print HTML files from untrusted sources with the "Print table
of links" option.

PROVIDED AND/OR DISCOVERED BY:
Aviv Raff

ORIGINAL ADVISORY:
http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

----------------------------------------------------------------------
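
The bug class described in the DESCRIPTION above (link text copied unencoded into a generated printable document), shown next to its encoded form. This is an added example, not Internet Explorer's print-template code and not from the original advisory. All function names and the sample HTML are constructed, and the regex link extractor is a simplification that only handles double-quoted href attributes.

```javascript
// Illustration of the bug class only; all names and inputs here are constructed.
const ENTITIES = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Decode the few entities an HTML parser would resolve inside an attribute value.
function decodeAttr(s) {
  return s.replace(/&(?:lt|gt|quot|#39|amp);/g, (m) => ENTITIES[m]);
}

// Encode text so it is inert in element content or a quoted attribute.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Collect decoded href values (simplified: double-quoted attributes only).
function extractLinks(html) {
  const links = [];
  const re = /<a\s[^>]*?href="([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) links.push(decodeAttr(m[1]));
  return links;
}

// Unsafe: the decoded link is concatenated into the generated markup as-is.
function buildTableUnsafe(links) {
  return '<table>' + links.map((l) => '<tr><td>' + l + '</td></tr>').join('') + '</table>';
}

// Safe: every link is encoded before it reaches the generated document.
function buildTableSafe(links) {
  return '<table>' + links.map((l) => '<tr><td>' + escapeHtml(l) + '</td></tr>').join('') + '</table>';
}

// Pre-print check: flag links whose decoded form carries markup metacharacters.
function suspiciousLinks(links) {
  return links.filter((l) => /[<>"']/.test(l));
}

// Constructed sample: one ordinary link, one whose URL decodes to markup.
const SAMPLE = '<p><a href="http://example.com/a?x=1&amp;y=2">ok</a> ' +
  '<a href="http://example.com/&lt;b&gt;injected&lt;/b&gt;">odd</a></p>';
```

The entity decoding step matters: the source file can look harmless as text while the decoded link value, which is what a table-of-links generator works with, contains markup.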