Cross-Zone Scripting Vulnerability in Internet Explorer by Microsoft
CVE-2008-2281

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 18 May 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 55%

What is CVE-2008-2281?

A vulnerability exists in the Print Table of Links feature in Internet Explorer versions 6.0, 7.0, and 8.0b, allowing user-assisted attackers to inject arbitrary web scripts or HTML into the Local Machine Zone through crafted HTML documents. When users print these documents, malicious JavaScript sequences can be evaluated, potentially compromising user security and privacy.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-2281 - Proof of Concept

References

https://www.exploit-db.com/exploits/5619

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/42416

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2008/1529/references

vdb-entryx_refsource_VUPEN

EPSS Score

55% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 18, 2008
👾
Exploit known to exist
May 18, 2008
Vulnerability published
May 18, 2008
Vulnerability Reserved
May 18, 2008

CVE-2008-2281 Data

JSON