Code Execution Exploit for Internet Explorer 7.0/8.0b

Internet Explorer has been found to be vulnerable to cross-zone scripting when a user prints an HTML page with the browser's “Print Table of Links” option enabled. The vulnerability exists because printing takes place in the local zone, not the Internet zone. Links within the page are not validated, which allows malicious code to be injected and run. The solution is simply to print without the “Print Table of Links” option. The original advisory can be read at: http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

ICQ Vulnerability Should Increase Your Vigilance

A newly discovered format string error in ICQ version 6 build 6043 once again highlights the need to be cautious about who you are conversing with. Interaction with the embedded Internet Explorer component can allow specially crafted messages to execute arbitrary code on the affected system. Make sure that you only open messages from known and trusted contacts. It is a good idea to clean unknown or untrusted contacts from your contact list and enable the “Accept messages only from contacts” option. The build named above is known to be vulnerable; other versions may also be affected.