Internet Explorer "Print Table of Links" Cross-Zone Scripting - Advisories - Secunia
HTMLファイルのLINKが正常にサニタイズされていないため、Print Table Of Linksオプションが有効になっている場合コードが実行される可能性があるとの事。
Input passed via links within an HTML file is not being properly sanitised before being used to generate a printable HTML file. This can be exploited to inject arbitrary script code, which is executed in local context when a user is enticed to print a specially crafted HTML document with the "Print table of links" option enabled.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Internet Explorer 6 and 7 on a fully patched Windows XP SP2. Other versions may also be affected.