CVE-2008-2281

Internet Explorer <8.0b - XSS

Title source: llm

Description

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aviv Raff · htmlremotewindows

https://www.exploit-db.com/exploits/5619

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5619

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42416

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1529/references

[Vendor Advisory] http://secunia.com/advisories/30141

[Exploit] http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29217

Scores

EPSS 0.5592

EPSS Percentile 98.1%

Details

Status published

Products (3)

microsoft/ie 8.0b

microsoft/internet_explorer 6.0

microsoft/internet_explorer 7.0

Published May 18, 2008

Tracked Since Feb 18, 2026