Overview
The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page.
Description
Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to specify a custom print format for the web page. Because the print templates are allowed to execute ActiveX controls, including those that are not marked "safe for scripting", a web page author can use a custom print template to execute arbitrary code as the user printing the web page. |
Impact
A user printing a malicious web page may allow a remote attacker to execute arbitrary code. |
Solution
Apply a Patch Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at: |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Warren R. Greer for discovering this vulnerability.
This document was written by Cory F. Cohen.
Other Information
| CVE IDs: | CVE-2001-0090 |
| Severity Metric: | 10.76 |
| Date Public: | 2000-12-01 |
| Date First Published: | 2002-09-27 |
| Date Last Updated: | 2002-09-27 17:44 UTC |
| Document Revision: | 12 |