From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed May 14 2008 - 11:24:05 CDT
----------------------------------------------------------------------
TITLE:
Internet Explorer "Print Table of Links" Cross-Zone Scripting
SECUNIA ADVISORY ID:
SA30141
VERIFY ADVISORY:
http://secunia.com/advisories/30141/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
DESCRIPTION:
Aviv Raff has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.
Input passed via links within an HTML file is not being properly
sanitised before being used to generate a printable HTML file. This
can be exploited to inject arbitrary script code, which is executed
in local context when a user is enticed to print a specially crafted
HTML document with the "Print table of links" option enabled.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Internet Explorer 6 and 7 on a
fully patched Windows XP SP2. Other versions may also be affected.
SOLUTION:
Do not print HTML files from untrusted sources with the "Print table
of links" option.
PROVIDED AND/OR DISCOVERED BY:
Aviv Raff
ORIGINAL ADVISORY:
http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
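The flaw class in the DESCRIPTION above (link data placed unsanitised into a generated printable HTML file), shown as an added example that is not part of the Secunia advisory and is not Internet Explorer's print template code. It is a generic link-table generator with an unescaped and an escaped variant; all function names and the sample links are constructed for illustration.

```javascript
// Added example: hypothetical names, constructed sample data.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: link text and URL are concatenated into markup as-is,
// so markup inside a link becomes part of the generated document.
function linkTableUnsafe(links) {
  const rows = links.map((l) => '<tr><td>' + l.text + '</td><td>' + l.href + '</td></tr>');
  return '<table>' + rows.join('') + '</table>';
}

// Hardened form: every link-derived value is escaped and renders as text.
function linkTableSafe(links) {
  const rows = links.map(
    (l) => `<tr><td>${escapeHtml(l.text)}</td><td>${escapeHtml(l.href)}</td></tr>`
  );
  return '<table>' + rows.join('') + '</table>';
}

// Check for generated output: list element names outside the table scaffold.
// Any name returned here came from link data, not from the generator.
function unexpectedTags(html) {
  const allowed = ['table', 'tr', 'td'];
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags
    .map((t) => t.replace(/[<\/]/g, '').toLowerCase())
    .filter((name) => !allowed.includes(name));
}

// Constructed sample: the second link carries a harmless markup marker.
const sampleLinks = [
  { text: 'Home', href: 'http://example.test/' },
  { text: 'Search', href: 'http://example.test/?q=a&b=<i>marker</i>' },
];

console.log('unsafe:', unexpectedTags(linkTableUnsafe(sampleLinks)));
console.log('safe:  ', unexpectedTags(linkTableSafe(sampleLinks)));
```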