Slashdot Mirror


IE 7.0/8.0b Code Execution 0-Day Released

SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."

4 of 131 comments

  1. Irresponsible disclosure by benjymouse · · Score: 4, Interesting

    The vuln. is probably real, but Aviv Raff notified Microsoft the day before he went public with a "treasure hunt" for this bug (celebrating Israel's 60th birthday); thus the fact that it's a 0day vuln. is entirely his doing. Way to go.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  2. Can it be triggered via javascript? by foniksonik · · Score: 4, Interesting

    Can you trigger this behavior in an onload event?

    If not it's a rather useless exploit other than as a prank to pull on your secretary... "Hey Sandra... can you print out a table of links for this website?"

    5 minutes later "What the F***!"

    "HAHAHAHAHAHAHA... I totally got you!"

    --
    A fool throws a stone into a well and a thousand sages can not remove it.
  3. Re:Proof by CastrTroy · · Score: 2, Interesting

    Why would you want special permissions on stuff in your intranet? Couldn't any disgruntled employee set up a webserver on their computer, send out a mass email telling people to visit the URL, and infect a large portion of the computers in the office? If you want special permissions for intranet servers, install your own CA, and let the browser run stuff only signed by that CA.

    --
    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  4. I'm not sure that holds up by HangingChad · · Score: 2, Interesting

    The more complex the software releases become, the more complex and insidious the exploits of them become also.

    I'm not sure if that statement will hold up to scrutiny. If complex software is the issue, then you'd expect exploits to be consistent across platforms when comparing software of similar complexity. I haven't seen any research supporting that observation. I have seen research that says more complex software will likely contain more coding errors and potential exploits but haven't seen a correlation between software size and actual successful attacks across platforms.

    The elephant in the room we ultimately end up dancing around is that we're talking about Windows exploits. The problem is not complex software, the problem is Windows complexity. And Windows APIs and their relationship to the software that runs in that environment. Although not all versions of Windows are equally vulnerable, the bottom line is that security in Windows was an afterthought. Bolted on rather than pervasive. It's like trying to secure a building designed for open access.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage