Internet Explorer "Print Table of Links" Cross-Zone Scripting - Advisories - Secunia

Reportedly, links in an HTML file are not sanitized properly, so code may be executed when the Print Table Of Links option is enabled.

Input passed via links within an HTML file is not being properly sanitised before being used to generate a printable HTML file. This can be exploited to inject arbitrary script code, which is executed in local context when a user is enticed to print a specially crafted HTML document with the "Print table of links" option enabled.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Internet Explorer 6 and 7 on a fully patched Windows XP SP2. Other versions may also be affected.
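The class of flaw the advisory describes, shown as an added example that is not taken from the advisory or from Internet Explorer's print template: a hypothetical link-table generator that inserts link values into generated HTML as-is, beside a version that escapes them. All function names and the sample links are assumptions constructed for illustration.

```javascript
// Hypothetical "table of links" generator (illustration only, not IE's code).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value for use in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: link text and URL from the source document are concatenated as-is,
// so any markup they contain becomes part of the generated printable page.
function buildLinkTableUnsafe(links) {
  const rows = links.map((l) => `<tr><td>${l.text}</td><td>${l.href}</td></tr>`);
  return `<table>${rows.join("")}</table>`;
}

// After: every value taken from the source document is escaped first.
function buildLinkTableSafe(links) {
  const rows = links.map(
    (l) => `<tr><td>${escapeHtml(l.text)}</td><td>${escapeHtml(l.href)}</td></tr>`
  );
  return `<table>${rows.join("")}</table>`;
}

// Check: the generator itself only emits table/tr/td, so any other
// element name in the output came from document-controlled input.
function unexpectedTags(html) {
  const allowed = ["table", "tr", "td"];
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags
    .map((t) => t.replace(/^<\/?/, "").toLowerCase())
    .filter((name) => !allowed.includes(name));
}

// Constructed sample input: the second link carries harmless markup in its URL.
const sampleLinks = [
  { text: "Home", href: "http://example.test/" },
  { text: "Docs", href: 'http://example.test/?q=<b id="injected">x</b>' },
];

console.log("unsafe:", unexpectedTags(buildLinkTableUnsafe(sampleLinks)));
console.log("safe:  ", unexpectedTags(buildLinkTableSafe(sampleLinks)));
```
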

Related URLs

screenshot