IE 7.0/8.0b Code Execution 0-Day Released
Posted by: kaizenlog in Kaizenlog, tags: IE 7.0/8.0b Code Execution 0-Day Released |  |  |  |  | |||||||||||||||||||||||||||||||||||||
+—————————–
| IE 7.0/8.0b Code Execution 0-Day Released |
| from the cross-zone-scripting dept. |
| posted by kdawson on Friday May 16, @09:45 (Security) |
| http://it.slashdot.org/article.pl?sid=08/05/16/1325211 |
+——————————————————————–+
[0]SecureThroughObscure writes “Security blogger and researcher Nate
McFeters blogged about a [1]0-day exploit affecting IE7 and IE8 beta on
XP that was released by noted security researcher [2]Aviv Raff. The flaw
is a ‘cross-zone scripting’ flaw that takes advantage of the fact that
printing HTML web pages occurs in the Local Machine Zone in IE rather
than in the Internet Zone. Quoting McFeters’s post: ‘This is currently
unpatched and in all of its 0-day glory, so for the time being, beware
printing using the “print table of links” option when printing web
pages.’ McFeters and others will be presenting at Black Hat on the link
between cross-site scripting and cross-zone. [3]Rob Carter has been
hitting this hard over at his blog, pointing out cross-zone weaknesses in
Azureus, uTorrent, and the Eclipse platform.”
Discuss this story at:
http://it.slashdot.org/comments.pl?sid=08/05/16/1325211
Links:
0. mailto:sec.through.obsc [Email address: sec.through.obsc #AT# gmail.com - replace #AT# with @ ]
1. http://blogs.zdnet.com/security/?p=1101
2. http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
3. http://r00tin.blogspot.com/
Welcome back to Kaizenlog.com, you may want to subscribe to my RSS feed , Twitter You can contact us by using the contact form or submitting a comment. You can also share this post with your friends by clicking on the 'ShareThis' button above. Thanks for visiting!
Print This Post
Entries (RSS)