IE Frame Injection Vulnerability



#1 NeonWizard


Posted 30 June 2004 - 12:48 PM

Secunia Advisory: SA11966
Release Date: 2004-06-30

Moderately critical
Impact: Spoofing
Where: From remote


Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

Description:
http-equiv has discovered a 6-year-old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.

The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.

Solution:
Do not visit or follow links from untrusted websites.

Use another browser.

Read Security Bulletin

Just another reason people need to get rid of IE. What is it now? 3 unpatched vulnerabilities?

#2 AplusWebMaster


Posted 13 July 2004 - 06:43 PM

FYI...

- http://secunia.com/advisories/11966/
"...2004-07-02: Updated solution...
Solution:
> Disable the following (IE) security setting:
(IE setting under >Tools>Internet>Options>Security>CustomLevel)
"Navigate sub-frames across different domains".

Also:
- http://www.spywarein...=30

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
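
A read-only check for the setting named in the updated solution above, added here as an example; it is not part of either post or of the Secunia advisory. It assumes the setting is stored as URL action 1607 under the per-zone Internet Settings registry keys, with 0 = Enable, 1 = Prompt and 3 = Disable; the function name and the choice of which zones to flag are illustrative.

```powershell
# Added example: report URL action 1607 ("Navigate sub-frames across different
# domains") for every IE security zone. Reads the registry only; changes nothing.
$ActionId  = '1607'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Each hive is reported separately; which one takes effect depends on how
# zone policy is configured on the machine.
$Hives = [ordered]@{
    'Machine policy'  = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'User policy'     = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'User setting'    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'Machine setting' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
}

function Get-SubframeNavSetting {   # hypothetical helper name
    foreach ($hive in $Hives.GetEnumerator()) {
        foreach ($zone in 0..4) {
            $key = Join-Path $hive.Value "$zone"
            $raw = $null
            if (Test-Path $key) {
                $raw = (Get-ItemProperty -Path $key -Name $ActionId `
                        -ErrorAction SilentlyContinue).$ActionId
            }
            if ($null -eq $raw) {
                $state = 'Not set'
            } elseif ($Meaning.ContainsKey([int]$raw)) {
                $state = $Meaning[[int]$raw]
            } else {
                $state = "Unknown ($raw)"
            }
            [pscustomobject]@{
                Hive  = $hive.Key
                Zone  = $ZoneNames[$zone]
                Value = $raw
                State = $state
                # Assumption: flag the zones that hold untrusted sites
                # (Internet, Restricted) when the value is anything but Disable.
                NeedsReview = ($zone -ge 3 -and $null -ne $raw -and $raw -ne 3)
            }
        }
    }
}

Get-SubframeNavSetting | Format-Table -AutoSize
```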




