Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE 7.0/8.0b Code Execution 0-Day Released

Posted by kdawson on from the cross-zone-scripting dept.

SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."

4 of 131 comments (clear)

  1. Re:yes, I use it by lloydchristmas759 · · Score: 1, Troll

    Sorry, I could not keep from modding this funny. I am really a GNU/FOSS/Linux geek :P

    --
    I'd give my right arm to be ambidextrous.
  2. Re:Not irresponsible disclosure by bcat24 · · Score: 0, Troll

    Yes, it's a remote code execution vulnerability, but it's still not a critical bug.
    Any remote code execution vulnerability is a critical bug, mkay?
  3. Re:Irresponsible disclosure by Cal+Paterson · · Score: 0, Troll

    "Yes" isn't an answer to the question.

  4. Re:yes, I use it by A+beautiful+mind · · Score: 0, Troll

    Isn't using Vista for those reasons a bit like being really proud of the great big bolted gate that is sure to keep intruders away, while your fence consists of grass and your house is next to the ultramodern nuclear bunker with built in natural habitat simulation that you have free access to and is frequented by hot women?

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say