New Windows IE7 Cross-Scripting Problem Discovered

The Internet Patrol - Patrolling the Internet for You
Share the knowledge

Security researcher Aviv Raff has discovered another Windows Cross-Site Scripting (XSS) vulnerability in Internet Explorer 7. Thankfully, though the severity of this vulnerability is high, the chance of a successful exploitation is rather low. It is, however, glaringly simple for the hackers to attempt an exploit.

Computers that are known to be vulnerable are those running Windows XP (with any or none of the service patches installed), using IE7 or IE8beta. Computers running Vista are only affected if the user explicitly disables protected mode.

Internet Explorer contains a convenience feature when printing that permits the user to optionally print an appendix page containing a table of all the links on the printing web page. Because printing runs in the lower security levels of the ‘Local Machine Zone’ rather than on the tighter ‘Internet Zone’, if any of these links contain an injected script it can run any arbitrary code almost unhindered on the user’s ma chine.

Until Microsoft deliver a patch, we suggest you leave the “print table of links” box in its default unchecked state when printing a web page. Or you could install Firefox, for free.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.