New Windows IE7 Cross-Scripting Problem Discovered

The Internet Patrol default featured image
Share the knowledge

Security researcher Aviv Raff has discovered another Windows Cross-Site Scripting (XSS) vulnerability in Internet Explorer 7. Thankfully, though the severity of this vulnerability is high, the chance of a successful exploitation is rather low. It is, however, glaringly simple for the hackers to attempt an exploit.

Computers that are known to be vulnerable are those running Windows XP (with any or none of the service patches installed), using IE7 or IE8beta. Computers running Vista are only affected if the user explicitly disables protected mode.

Internet Explorer contains a convenience feature when printing that permits the user to optionally print an appendix page containing a table of all the links on the printing web page. Because printing runs in the lower security levels of the ‘Local Machine Zone’ rather than on the tighter ‘Internet Zone’, if any of these links contain an injected script it can run any arbitrary code almost unhindered on the user’s ma chine.

Until Microsoft deliver a patch, we suggest you leave the “print table of links” box in its default unchecked state when printing a web page. Or you could install Firefox, for free.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.