Heise Online is reporting that a new flaw in Internet Explorer 7 has been found. The flaw allows programs to be run silently when a page is printed from the Internet. The vulnerability is said to be based on a cross-zone scripting hole that allows code to be executed in the local zone rather than the Internet zone.
Even though IE7 will warn users that a script is running the flaw will allow the program to be run even if a user disallows the execution of the program. Heise says it was able to reproduce the hole on Windows XP SP2 and IE7.
With Windows Vista systems running User Account control attackers can only spy on information. Heise says users are warned to not print web pages with links tables until Microsoft issues a patch for the flaw.
Via Heise Online