Jump to content


IE Frame Injection Vulnerability

  • Please log in to reply
1 reply to this topic

#1 NeonWizard


    Security Geek

  • Full Member
  • Pip
  • 49 posts

Posted 30 June 2004 - 11:48 AM

Secunia Advisory: SA11966
Release Date: 2004-06-30

Moderately critical
Impact: Spoofing
Where: From remote

Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.

The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.

Do not visit or follow links from untrusted websites.

Use another browser.

Read Security Bulletin

Just another reason people need to get rid of IE. What si it now? 3 unpatched vulnerabilities?

#2 AplusWebMaster



  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 13 July 2004 - 05:43 PM


- http://secunia.com/advisories/11966/
"...2004-07-02: Updated solution...
> Disable the following (IE) security setting:
(IE setting under >Tools>Internet>Options>Security>CustomLevel)
"Navigate sub-frames across different domains".

- http://www.spywarein...=30
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

Member of UNITE
Support SpywareInfo Forum - click the button