IE 7.0/8.0b Code Execution 0-Day Released

IE 7.0/8.0b Code Execution 0-Day Released 131

Posted by kdawson on Friday May 16, 2008 @09:45AM from the cross-zone-scripting dept.

SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."

IE 7.0/8.0b Code Execution 0-Day Released

This discussion has been archived. No new comments can be posted.

Search 131 Comments Log In/Create an Account

Comments Filter:

Amazing (Score:5, Funny)

by duplicate-nickname ( 87112 ) writes: on Friday May 16, 2008 @09:53AM (#23432544) Homepage

I didn't even know that "Print table of links" was an option for printing in IE until today. My guess is that no one actually uses that feature, and this 0-day exploit affects roughly 0 people.

Usage (Score:5, Funny)

by Wowsers ( 1151731 ) writes: on Friday May 16, 2008 @09:56AM (#23432594) Journal

People still use Internet Exploder?

For using IE since 2.X... (Score:3, Funny)

by AioKits ( 1235070 ) writes: on Friday May 16, 2008 @10:01AM (#23432666)

I can safely say I did not know this ability even existed. (Don't hurt me! I use FireFox at home! Honest! I even brought some FF t-shirts and the laptop tote.)

Re:Amazing (Score:5, Funny)

by Anonymous Coward writes: on Friday May 16, 2008 @10:08AM (#23432768)

You're forgetting about another MSIE feature, a TWAIN plugin called "Scan table of links".

To view this article on one page... (Score:5, Funny)

by Thelasko ( 1196535 ) writes: on Friday May 16, 2008 @10:13AM (#23432854) Journal

please select the printable version.

end sarcasm

Re:Proof (Score:1, Funny)

by morgan_greywolf ( 835522 ) * writes: on Friday May 16, 2008 @10:56AM (#23433666) Homepage Journal

Exactly. I knew you'd see it my way.

Re:yes, I use it (Score:3, Funny)

by Just Some Guy ( 3352 ) writes: <kirk+slashdot@strauser.com> on Friday May 16, 2008 @11:20AM (#23434120) Homepage Journal

Sorry, I could not keep from modding this funny.

It didn't take.

Re:Must we highlight every bug in IE? (Score:3, Funny)

by Vexorian ( 959249 ) writes: on Friday May 16, 2008 @11:38AM (#23434494)

God forbid this site bashed windows.

Oh yeah? (Score:4, Funny)

by Spy der Mann ( 805235 ) writes: <`moc.liamg' `ta' `todhsals.nnamredyps'> on Friday May 16, 2008 @11:58AM (#23434834) Homepage Journal

yes, I use Internet Explorer in Windows Vista that is the safest browser because it runs with the lowest privileges possibile in a sandbox (IE7 Protected mode).

Oh yeah? I use Internet Explorer in XP under non-admin mode in a virtualbox install on Cygwin on a virtualbox install of XP inside a Linux virtualbox install under a SELinux host!

HAH! Take that!

Printer-friendly version (Score:3, Funny)

by 6Yankee ( 597075 ) writes: on Friday May 16, 2008 @01:22PM (#23436350)

here [pwn3d.ru]

Re:yes, I use it (Score:1, Funny)

by Anonymous Coward writes: on Friday May 16, 2008 @01:23PM (#23436364)

I appreciate the honesty that your name portrays.

Re:Proof (Score:4, Funny)

by keytoe ( 91531 ) writes: on Friday May 16, 2008 @01:45PM (#23436734) Homepage

Your markup is incorrect - you left the slash off your closing Pffft. tag.

Re:0-day (Score:5, Funny)

by An ominous Cow art ( 320322 ) writes: on Friday May 16, 2008 @03:02PM (#23438262) Journal

Yeah, the term has definitely been bricked.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

IE 7.0/8.0b Code Execution 0-Day Released 131

IE 7.0/8.0b Code Execution 0-Day Released More Login

IE 7.0/8.0b Code Execution 0-Day Released

Amazing (Score:5, Funny)

Usage (Score:5, Funny)

For using IE since 2.X... (Score:3, Funny)

Re:Amazing (Score:5, Funny)

To view this article on one page... (Score:5, Funny)

Re:Proof (Score:1, Funny)

Re:yes, I use it (Score:3, Funny)

Re:Must we highlight every bug in IE? (Score:3, Funny)

Oh yeah? (Score:4, Funny)

Printer-friendly version (Score:3, Funny)

Re:yes, I use it (Score:1, Funny)

Re:Proof (Score:4, Funny)

Re:0-day (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot