IE 7.0/8.0b Code Execution 0-Day Released

Kaizenlog

+--------------------------------------------------------------------+
| IE 7.0/8.0b Code Execution 0-Day Released                          |
|   from the cross-zone-scripting dept.                              |
|   posted by kdawson on Friday May 16, @09:45 (Security)            |
|   http://it.slashdot.org/article.pl?sid=08/05/16/1325211           |
+--------------------------------------------------------------------+

[0]SecureThroughObscure writes "Security blogger and researcher Nate
McFeters blogged about a [1]0-day exploit affecting IE7 and IE8 beta on
XP that was released by noted security researcher [2]Aviv Raff. The flaw
is a 'cross-zone scripting' flaw that takes advantage of the fact that
printing HTML web pages occurs in the Local Machine Zone in IE rather
than in the Internet Zone. Quoting McFeters's post: 'This is currently
unpatched and in all of its 0-day glory, so for the time being, beware
printing using the "print table of links" option when printing web
pages.' McFeters and others will be presenting at Black Hat on the link
between cross-site scripting and cross-zone. [3]Rob Carter has been
hitting this hard over at his blog, pointing out cross-zone weaknesses in
Azureus, uTorrent, and the Eclipse platform."

Discuss this story at:
http://it.slashdot.org/comments.pl?sid=08/05/16/1325211

Links:
0. mailto:sec.through.obsc@gmail.com
1. http://blogs.zdnet.com/security/?p=1101
2. http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
3. http://r00tin.blogspot.com/
