Yet another cross-site scripting vulnerability affects IE7 on XP
By Scott M. Fulton, III, BetaNews
May 16, 2008, 2:11 PM
A private security researcher well known for turning up cross-site scripting vulnerabilities in Web browsers has discovered another one, and is trumpeting the find as another milestone in Web history.
Truth is, it sounds like a trumpet we've all heard too many times before. On Wednesday, researcher Aviv Raff posted on his Web site the discovery of a vulnerability so open and easy to exploit that merely mentioning what it is could be enough of an instruction manual for malicious exploiters to try it for themselves.
Simply put, when printing a Web page onto paper, IE gives the user an option to print a separate page showing a table of hyperlinks inside the page. Typically, processes related to the printer are run with a security level set to "Local Machine Zone," whose security is usually more lax. So as Raff discovered, jobs sent to the printer from IE run with the more lax security. Thus embedded script within the hyperlinks is capable of being run unchecked, even though it's IE itself that's re-embedding those hyperlinks into the user-generated table.
The proof-of-concept Raff provides embeds code that runs the Calculator, though conceivably any script code could have run in that space unchecked. In BetaNews tests, the exploit was successfully triggered using IE7 in Windows XP SP2 and Windows XP SP3.
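The flaw class described above, as an added example that is not from the article, from Raff's proof of concept, or from IE's own print template: a simplified model of a generated table of links, with the unescaped pattern beside the escaped one. All function names and the sample links are constructed, and how IE builds its table internally is an assumption here.

```javascript
// Simplified model of a "table of links" appended to a printed page.
// Not IE's print template code; all names and sample data are constructed.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Flawed pattern: link text and URL are concatenated into markup as-is,
// so anything inside them is parsed as part of the generated document.
function buildLinkTableUnsafe(links) {
  const rows = links.map((l) => `<tr><td>${l.text}</td><td>${l.href}</td></tr>`);
  return `<table>${rows.join('')}</table>`;
}

// Hardened pattern: every value taken from the page is escaped before it
// is written into the generated document, so it can only render as text.
function buildLinkTableSafe(links) {
  const rows = links.map(
    (l) => `<tr><td>${escapeHtml(l.text)}</td><td>${escapeHtml(l.href)}</td></tr>`
  );
  return `<table>${rows.join('')}</table>`;
}

// Review check: list tag names in the output that the template never emits.
function unexpectedTags(html) {
  const allowed = new Set(['table', 'tr', 'td']);
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

// Constructed sample: the second link's URL carries markup of its own.
const sampleLinks = [
  { text: 'Home', href: 'http://example.test/' },
  { text: 'News', href: 'http://example.test/?q=<b>injected</b>' },
];

console.log('unsafe:', unexpectedTags(buildLinkTableUnsafe(sampleLinks)));
console.log('safe:  ', unexpectedTags(buildLinkTableSafe(sampleLinks)));
```

Escaping matters more here than on an ordinary page because, as the article notes, the generated document is handled under the more lax Local Machine Zone rather than the zone of the site that supplied the links.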
In his Web post from Wednesday, Raff states he contacted Microsoft the day before, but "their last response was that they are looking at an appropriate fix." Microsoft has yet to issue any official response to the matter.

