Game over: A researcher who embedded a zero-day proof of concept for Internet Explorer in his blog last week has released details on the attack, which affects IE 7.0 as well as IE 8.0 (beta) browsers running on Windows XP.
Aviv Raff yesterday in his blog detailed the proof-of-concept attack on a cross-zone scripting vulnerability he had discovered in IE that lets an attacker run code on a users machine each time the victim prints a Web page with the Print Table of Links feature. This feature lets users include in a Web page printout a list of links on that page. Raff had challenged readers of his blog to find the zero-day exploit on his site on May 7.
Security experts dont consider the new vulnerability critical, but it can do some damage. An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the users machine (i.e. in order to take control over the machine), Raff wrote in his blog post yesterday.
The bug affects IE 7 and 8.0 beta on a patched XP machine, and partially affects Windows Vista with user access control turned on, according to Raff. Earlier versions of IE may also be prone to the attack, he said.
Raff said he alerted Microsoft to the bug last week. Their last response was that they are looking at an appropriate fix, he wrote. In the meantime, he recommends users dont deploy the print table of links feature when they print a Web page. Raff has posted a live POC of the browser attack at milw0rm.
Kelly Jackson Higgins, Senior Editor, Dark Reading