TITLE:
Internet Explorer "Print Table of Links" Cross-Zone Scripting

SECUNIA ADVISORY ID:
SA30141

VERIFY ADVISORY:
http://secunia.com/advisories/30141/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
Aviv Raff has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

Input passed via links within an HTML file is not being properly
sanitised before being used to generate a printable HTML file. This
can be exploited to inject arbitrary script code, which is executed
in local context when a user is enticed to print a specially crafted
HTML document with the "Print table of links" option enabled.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Internet Explorer 6 and 7 on a
fully patched Windows XP SP2. Other versions may also be affected.
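
The class of flaw described above (link data copied into generated HTML without encoding), shown as an added JavaScript illustration. It is not Internet Explorer's print template code and not part of the Secunia advisory; the function names, the two-column table layout and the sample links are constructed for the example.

```javascript
// Added illustration; NOT Internet Explorer's print template code.
// Constructed input: link text and href as a link-table generator might collect them.
const sampleLinks = [
  { text: "Home", href: "http://example.com/" },
  // href carrying markup characters and a harmless marker element
  { text: "Docs", href: 'http://example.com/?q="><i id=marker>x</i>' },
];

// Unsafe pattern: page-controlled strings concatenated into markup as-is,
// so markup inside a link becomes markup in the generated document.
function buildLinkTableUnsafe(links) {
  const rows = links.map(
    (l) => "<tr><td>" + l.text + "</td><td>" + l.href + "</td></tr>"
  );
  return "<table>" + rows.join("") + "</table>";
}

// HTML-encode the characters that are significant in element and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every page-controlled value is encoded before insertion.
function buildLinkTableSafe(links) {
  const rows = links.map(
    (l) => "<tr><td>" + escapeHtml(l.text) + "</td><td>" + escapeHtml(l.href) + "</td></tr>"
  );
  return "<table>" + rows.join("") + "</table>";
}

// Structural check: count start tags of a given element in generated markup.
// Any element the generator did not emit itself indicates injected markup.
function countTags(html, name) {
  const m = html.match(new RegExp("<" + name + "[\\s>]", "g"));
  return m ? m.length : 0;
}
```

With the constructed input, the unsafe builder's output contains an `<i>` element that came from the link, while the safe builder's output contains only the generator's own `<table>`, `<tr>` and `<td>` elements and shows the link as text.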

SOLUTION:
Do not print HTML files from untrusted sources with the "Print table
of links" option.

PROVIDED AND/OR DISCOVERED BY:
Aviv Raff

ORIGINAL ADVISORY:
http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------