Filed under: Browser, Internet Explorer, Security, Software, firefox | Tags: Explorer, Internet, Published, Vulnerability
Israeli security researcher Aviv Raff on Wednesday published details about a zero-day vulnerability in Microsoft (NSDQ: MSFT) Internet Explorer.
Last week, Raff held a “treasure hunt” on his site, where he had hidden the exploit code. He declared “George the Greek” the contest winner in conjunction with the publication of details about the vulnerability.
More Internet InsightsWhite PapersThe 9 Noble Truths of Custom Experience: Website Wisdom for Everyone in the Organization Pro Football Team Improves Connection With Fans Through New Social Networking Site Prime Indian Securities Trading Site Moves to Web 2.0, Achieves Lead Generation Boost “Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its ‘Print Table of Links’ feature,” Raff explained in a post on Milw0rm.com summarizing his proof-of-concept exploit. “This feature allows users to add to a printed Web page an appendix which contains a table of all the links in that Web page.”
According to Raff, an attacker can add a maliciously crafted link to any Web page that accepts user generated content that, under certain circumstances, lets the attacker take control of the user’s machine when he or she tries to print the page. (more…)
