CVE-2008-2281

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6.0 through 8.0b

Description: A cross-zone scripting issue in the Print Table of Links feature allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone. This is achieved through an HTML document containing a link with JavaScript sequences, which are evaluated by a resource script when a user prints the document.

Recommendations: For Internet Explorer versions 6.0 through 8.0b, consider disabling the Print Table of Links feature as a temporary workaround until a patch is available. Restrict access to the resource script that evaluates JavaScript sequences in printed documents to minimize the risk of exploitation.