CVE-2008-2281

Internet Explorer <8.0b - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2281. PoCs published by Aviv Raff.

AI-analyzed exploit summary This exploit leverages a Cross-Zone Scripting vulnerability in Internet Explorer's 'Print Table of Links' feature. By injecting a malicious script into a link's URL, an attacker can execute arbitrary code when the user prints the webpage with the feature enabled.

Description

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aviv Raff · htmlremotewindows

https://www.exploit-db.com/exploits/5619

View Code ZIP pw:eip

This exploit leverages a Cross-Zone Scripting vulnerability in Internet Explorer's 'Print Table of Links' feature. By injecting a malicious script into a link's URL, an attacker can execute arbitrary code when the user prints the webpage with the feature enabled.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 7.0 and 8.0b

No auth needed

Prerequisites: User interaction to print the webpage with the 'Print Table of Links' feature enabled

MITRE ATT&CK