New Windows IE7 Cross-Scripting Problem Discovered - 1,401 Views,
|
Previous Article « Microsoft’s Reach Extends to the Universe with Microsoft WorldWide Telescope
Read Next Article » Classmates.com Links Infected with Spyware from XPOnlineScanner.com
Security researcher Aviv Raff has discovered another Windows Cross-Site Scripting (XSS) vulnerability in Internet Explorer 7. Thankfully, though the severity of this vulnerability is high, the chance of a successful exploitation is rather low. It is, however, glaringly simple for the hackers to attempt an exploit. Computers that are known to be vulnerable are those running Windows XP (with any or none of the service patches installed), using IE7 or IE8beta. Computers running Vista are only affected if the user explicitly disables protected mode. Internet Explorer contains a convenience feature when printing that permits the user to optionally print an appendix page containing a table of all the links on the printing web page. Because printing runs in the lower security levels of the ‘Local Machine Zone’ rather than on the tighter ‘Internet Zone’, if any of these links contain an injected script it can run any arbitrary code almost unhindered on the user’s ma chine. Until Microsoft deliver a patch, we suggest you leave the “print table of links” box in its default unchecked state when printing a web page. Or you could install Firefox, for free.
Follow Anne on
Twitter 
Friend Anne on Facebook
New Windows IE7 Cross-Scripting Problem Discovered
Twitter Explained in Plain English
Previous Article « Microsoft’s Reach Extends to the Universe with Microsoft WorldWide Telescope
Read Next Article » Classmates.com Links Infected with Spyware from XPOnlineScanner.com
Read more:
» Barack Obama Website Hacked to Send Visitors to Hillary Clinton’s Site
» New “Extremely Critical” Security Holes Discovered in Firefox
» Software Author Takes Down Copycat Pirate
» Man Discovers You Can Make Anyone’s iPhone Track Them and Report Back to You
For additional similar stories check out our archives on Everything Else
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
