IE 7.0/8.0b Code Execution 0-Day Released 131
SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."
Amazing (Score:5, Funny)
Usage (Score:5, Funny)
For using IE since 2.X... (Score:3, Funny)
Re:Amazing (Score:5, Funny)
To view this article on one page... (Score:5, Funny)
end sarcasm
Re:Proof (Score:1, Funny)
Re:yes, I use it (Score:3, Funny)
It didn't take.
Re:Must we highlight every bug in IE? (Score:3, Funny)
Oh yeah? (Score:4, Funny)
Oh yeah? I use Internet Explorer in XP under non-admin mode in a virtualbox install on Cygwin on a virtualbox install of XP inside a Linux virtualbox install under a SELinux host!
HAH! Take that!
Printer-friendly version (Score:3, Funny)
Re:yes, I use it (Score:1, Funny)
Re:Proof (Score:4, Funny)
Re:0-day (Score:5, Funny)