The printing vulnerability also affects IE7

May 21, 2008 12:49 GMT  ·  By

Both Internet Explorer 7 and Internet Explorer 8 in its current phase of development, namely Beta 1, are vulnerable to a critical zero-day security flaw with proof-of-concept code available in the wild. The Cross-Zone Scripting vulnerability in the browser's "Print Table of Links" feature was discovered by independent security researcher Aviv Raff, who also made public the attack code the past week. Microsoft was informed about the vulnerability but has so far failed to issue a patch in response. However, security company BitDefender informed that it had already addressed the problem by issuing a signature update for its products.

The zero-day Cross-Zone Scripting vulnerability was proved to allow remote code execution in the eventuality of successful exploits targeting either IE7 or IE8 Beta 1 running on Windows XP. IE6 is also reportedly affected, although this detail has yet to be confirmed. When the vulnerability is exploited in IE7 or IE8 Beta 1 browsers running in Windows Vista with User Account Control enabled the risk is less severe, allowing only information disclosure.

Since Microsoft is loyal to a monthly patch cycle, and releases out-of-band security updates only when the risk posed to users is extreme, and attacks widespread, the Redmond company informed Raff that it would look into the problem, and did not point to a specific date when the flaw is patched. At this point in time, BitDefender is the sole security vendor that has updated its products in order to offer protection from potential hacking attacks that would seek to exploit the vulnerability.

"The exploitable vulnerability results from a combination of coding mistakes and sloppy security thinking," commented BitDefender Innovations Product Manager Alexandru Balan. "The code has numerous bugs but it is also executed in a lower-security context than it should be and the combination opens a way for hackers to compromise a system."

In the video embedded at the bottom, you will be able to see the vulnerability exploited in Internet Explorer 7 running on Windows XP. Printing a maliciously crafter web page with the "Print Table of Links" option checked results in the arbitrary code being executed on the compromised machines. In this case, the code simply runs Calculator but, at this stage, an attacker would be able to completely take over the box.