New Windows IE7 Cross-Scripting Problem Discovered 5/28/2008 - 859 views,
|
Previous Article « Microsoft’s Reach Extends to the Universe with Microsoft WorldWide Telescope
Read Next Article » Classmates.com Links Infected with Spyware from XPOnlineScanner.com
Security researcher Aviv Raff has discovered another Windows Cross-Site Scripting (XSS) vulnerability in Internet Explorer 7. Thankfully, though the severity of this vulnerability is high, the chance of a successful exploitation is rather low. It is, however, glaringly simple for the hackers to attempt an exploit. Computers that are known to be vulnerable are those running Windows XP (with any or none of the service patches installed), using IE7 or IE8beta. Computers running Vista are only affected if the user explicitly disables protected mode. Internet Explorer contains a convenience feature when printing that permits the user to optionally print an appendix page containing a table of all the links on the printing web page. Because printing runs in the lower security levels of the ‘Local Machine Zone’ rather than on the tighter ‘Internet Zone’, if any of these links contain an injected script it can run any arbitrary code almost unhindered on the user’s ma chine. Until Microsoft deliver a patch, we suggest you leave the “print table of links” box in its default unchecked state when printing a web page. Or you could install Firefox, for free.
Previous Article « Microsoft’s Reach Extends to the Universe with Microsoft WorldWide Telescope
Read Next Article » Classmates.com Links Infected with Spyware from XPOnlineScanner.com
|
|
Email the link for this page to a friend! |
Read more:
» Barack Obama Website Hacked to Send Visitors to Hillary Clinton’s Site
» New “Extremely Critical” Security Holes Discovered in Firefox
» Software Author Takes Down Copycat Pirate
» Hurricane Katrina Email Hoax Invokes Red Cross
For additional similar stories check out our archives on Everything Else
