Alert Number: 051408-01
Alert Date: 05/14/08
Alert Title: *UNPATCHED* vulnerability in Microsoft Internet Explorer
Update-to: None.
OS/Platform/Application:
Microsoft Internet Explorer (all versions on all platforms)
Category: ALERT
Severity: MEDIUM
Attention: Internet Explorer users, Windows system administrators, desktop support personnel.
Summary: Numerous Internet security resources are currently reporting the existence of a vulnerability in the "Print Table of Links" feature in Internet Explorer. The most likely mechanism of exploitation for this vulnerability is the printing of web pages from a maliciously-crafted website*. Successful exploitation of this vulnerability could result in complete takeover of a vulnerable computer. At the time of this writing (4:10 PM 5/14/08) a patch for this vulnerability has not been made available from the vendor.
"Print Table of Links" is a feature in Internet Explorer that allows users to print a tabular listing of all web links contained on a web page at the end of a regular web page printout. It is accessed in most cases by selecting File > Print in Internet Explorer, then selecting the "Options" tab and checking the "Print Table of Links" checkbox. Use of this option is likely to be uncommon for the majority of Internet Explorer users, and it is NOT enabled by default in Internet Explorer.
*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.
Recommended Actions: Internet Explorer users are encouraged not to print web pages with the "Print Table of Links" option enabled until a patch has been made available from Microsoft to address this vulnerability.
ITS Actions: N/A
Resources:
Avi Raffon Advisory:
http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/1529