Internet Explorer print preview argument validation vulnerability

Added: 08/13/2008
CVE: CVE-2008-2259
BID: 30612
OSVDB: 47414

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A flaw in the handling of validation of arguments by the print preview function in Internet Explorer allows command execution when a user loads a specially crafted web page.

Resolution

Apply the fix referenced in Microsoft Security Bulletin 08-045.

References

http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx

Limitations

Exploit works on Microsoft Internet Explorer 6.0.2800.1106 and 6.0.2900.2180 and requires the user to load the exploit page, and then refresh the page.

This exploit requires the ability to bind to port 69/UDP on the SAINTexploit host.

Platforms

Windows 2000
Windows XP

Back to exploit index