Posts Tagged “IE 7.0/8.0b Code Execution 0-Day Released”

17 05 2008

IE 7.0/8.0b Code Execution 0-Day Released

Posted by: kaizenlog in Computer, tags:

Welcome to Kaizenlog.com If you're new here, you may want to subscribe to my RSS feed , Twitter You can contact us by using the contact form or submitting a comment. Thanks for visiting!

+—————————–

—————————————+
| IE 7.0/8.0b Code Execution 0-Day Released                          |
|   from the cross-zone-scripting dept.                              |
|   posted by kdawson on Friday May 16, @09:45 (Security)            |
|   http://it.slashdot.org/article.pl?sid=08/05/16/1325211 |
+——————————————————————–+

[0]SecureThroughObscure writes “Security blogger and researcher Nate
McFeters blogged about a [1]0-day exploit affecting IE7 and IE8 beta on
XP that was released by noted security researcher [2]Aviv Raff. The flaw
is a ‘cross-zone scripting’ flaw that takes advantage of the fact that
printing HTML web pages occurs in the Local Machine Zone in IE rather
than in the Internet Zone. Quoting McFeters’s post: ‘This is currently
unpatched and in all of its 0-day glory, so for the time being, beware
printing using the “print table of links” option when printing web
pages.’ McFeters and others will be presenting at Black Hat on the link
between cross-site scripting and cross-zone. [3]Rob Carter has been
hitting this hard over at his blog, pointing out cross-zone weaknesses in
Azureus, uTorrent, and the Eclipse platform.”

This is a preview of IE 7.0/8.0b Code Execution 0-Day Released. Read the full post (214 words, estimated 51 secs reading time)

Listen to this podcast Listen to this podcast

Comments No Comments »