IE Frame Injection Vulnerability
Posted 30 June 2004 - 11:48 AM
Release Date: 2004-06-30
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.
The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.
Do not visit or follow links from untrusted websites.
Use another browser.
Read Security Bulletin
Just another reason people need to get rid of IE. What si it now? 3 unpatched vulnerabilities?
Posted 13 July 2004 - 05:43 PM
"...2004-07-02: Updated solution...
> Disable the following (IE) security setting:
(IE setting under >Tools>Internet>Options>Security>CustomLevel)
"Navigate sub-frames across different domains".
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...