Secunia Advisory: SA11966
Release Date: 2004-06-30
Moderately critical
Impact: Spoofing
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.
The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.
Solution:
Do not visit or follow links from untrusted websites.
Use another browser.
Read Security Bulletin
Just another reason people need to get rid of IE. What si it now? 3 unpatched vulnerabilities?
IE Frame Injection Vulnerability
Started by
NeonWizard
, Jun 30 2004 11:48 AM
1 reply to this topic
#2
AplusWebMaster
-
- SWI Friend
-
- 11,104 posts
AplusWebMaster
Posted 13 July 2004 - 05:43 PM
FYI...
- http://secunia.com/advisories/11966/
"...2004-07-02: Updated solution...
Solution:
> Disable the following (IE) security setting:
(IE setting under >Tools>Internet>Options>Security>CustomLevel)
"Navigate sub-frames across different domains".
Also:
- http://www.spywarein...=30
- http://secunia.com/advisories/11966/
"...2004-07-02: Updated solution...
Solution:
> Disable the following (IE) security setting:
(IE setting under >Tools>Internet>Options>Security>CustomLevel)
"Navigate sub-frames across different domains".
Also:
- http://www.spywarein...=30
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
