Internet Explorer print preview argument validation vulnerability

2008-08-13T00:00:00
ID SAINT:BCA967F502448586CE7FF809940BB53E
Type saint
Reporter SAINT Corporation
Modified 2008-08-13T00:00:00

Description

Added: 08/13/2008
CVE: CVE-2008-2259
BID: 30612
OSVDB: 47414

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

A flaw in the handling of validation of arguments by the print preview function in Internet Explorer allows command execution when a user loads a specially crafted web page.

Resolution

Apply the fix referenced in Microsoft Security Bulletin 08-045.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx>

Limitations

Exploit works on Microsoft Internet Explorer 6.0.2800.1106 and 6.0.2900.2180 and requires the user to load the exploit page, and then refresh the page.

This exploit requires the ability to bind to port 69/UDP on the SAINTexploit host.

Platforms

Windows 2000
Windows XP