Slashdot Mirror


IE 7.0/8.0b Code Execution 0-Day Released

SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."

10 of 131 comments

  1. 0-day by Anonymous Coward · · Score: 5, Insightful

    0-day? This term seems to have lost all meaning. Could we please stop using it?

    1. Re:0-day by Fast+Thick+Pants · · Score: 5, Informative

      Zero is the answer to the question "How long has the vulnerability that this exploit exploits been patched?" I suppose you could call it a -24 since it probably won't be patched until next month's black Tuesday.

    2. Re:0-day by tyler.willard · · Score: 5, Informative

      That's what the term seems to have mutated into, but it wasn't its original intent.

      The whole point of coining the term in the first place was to be able to discuss the unknown; i.e., to be able to assess the potential danger of currently unknown threats. Day-1 refers to disclosure, as such there's no way to talk about a specific 0-day because if you know what it is then it has to be at least day-1.

      Sure it's abstract, but it's an important concept for developing security technologies and security procedures.

      Between product buzzwords and the abstract nature of the term it's almost lost all meaning.

    3. Re:0-day by Lincolnshire+Poacher · · Score: 5, Informative

      > The whole "day thing" is about the time between disclosure and patch/signature release.

      Do you have any citation for your assertion?

      The term derives from warez "0-day boards". These were populated by the most elite crackers who had cracked software on the 0th-day of release; that is, the software hit the shelves and was already cracked.

      Try doing a web search for "0-day" with a date threshold prior to, say, 1995. You won't find any hits for your interpretation:

      http://www.alltheweb.com/search?advanced=1&cat=web&jsact=&_stype=norm&type=all&q=%220-day%22&itag=crv&l=en&ics=utf-8&cs=iso88591&wf%5Bn%5D=3&wf%5B0%5D%5Br%5D=%2B&wf%5B0%5D%5Bq%5D=&wf%5B0%5D%5Bw%5D=&wf%5B1%5D%5Br%5D=%2B&wf%5B1%5D%5Bq%5D=&wf%5B1%5D%5Bw%5D=&wf%5B2%5D%5Br%5D=-&wf%5B2%5D%5Bq%5D=&wf%5B2%5D%5Bw%5D=&dincl=&dexcl=&geo=&doctype=&dfr%5Bu%5D=on&dfr%5Bd%5D=1&dfr%5Bm%5D=1&dfr%5By%5D=1990&dto%5Bu%5D=on&dto%5Bd%5D=16&dto%5Bm%5D=5&dto%5By%5D=1995&hits=10

      Try USENET for certainty (blocked in work).

  2. Amazing by duplicate-nickname · · Score: 5, Funny

    I didn't even know that "Print table of links" was an option for printing in IE until today. My guess is that no one actually uses that feature, and this 0-day exploit affects roughly 0 people.

    --

    ÕÕ

    1. Re:Amazing by Anonymous Coward · · Score: 5, Funny

      You're forgetting about another MSIE feature, a TWAIN plugin called "Scan table of links".

  3. Proof by morgan_greywolf · · Score: 5, Insightful

    This is proof of what I've said from the beginning -- the whole concept of 'zones' in IE is stupid and pointless. Scripts should be allowed only what you allow them, period. You should be able to give permissions down to the individual site (à la NoScript) or even down to the individual script.

  4. Usage by Wowsers · · Score: 5, Funny

    People still use Internet Exploder?

    --
    Take Nobody's Word For It.

  5. To view this article on one page... by Thelasko · · Score: 5, Funny

    please select the printable version.

    end sarcasm

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".

  6. Re:Must we highlight every bug in IE? by makomk · · Score: 5, Informative

    The Debian OpenSSL bug definitely made the Slashdot home page; you must've missed it. (It was posted on Tuesday, a couple of hours after the official announcement - that's quite fast for Slashdot. This story, on the other hand, obviously wasn't considered as important - I read about it elsewhere a day or two ago.)