Internet Explorer Frame Injection Vulnerability
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
http-equiv has discovered a 6-year-old vulnerability in Microsoft
Internet Explorer, allowing malicious people to spoof the content of
websites.
The problem is that Internet Explorer fails to stop a malicious
website from loading arbitrary content in an arbitrary frame in
another browser window. An example has been posted, which shows
arbitrary content in a frame on windowsupdate.microsoft.com.
Successful exploitation allows a malicious site to load arbitrary
content, which appears to originate from a trusted site.
This vulnerability is similar to an old vulnerability fixed by
MS98-020 in Internet Explorer version 3 and 4.
The vulnerability has been confirmed in a fully patched Internet
Explorer 6 running on Microsoft Windows XP. Other versions of Internet
Explorer may also be affected.
Solution:
Do not visit or follow links from untrusted websites.
Use another browser.
Source of the information:
http://secunia.com/advisories/11966/
Deserving of Filtering (Global Kill-File):
tella llop, jm (N.B. 2003.10.25)
«I prefer to annoy with the truth than to please with flattery (Lucio Anneo Seneca)»
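Added example, not part of the original post or of the Secunia advisory: a small JavaScript model of the missing check the advisory describes, where a page in one window navigates a named frame in another window. The Frame class, the function names, the *.example origins and the stricter ancestor rule are assumptions made for illustration; the model does not reproduce Internet Explorer's internals.

```javascript
// Simplified model of browser frames. Constructed for illustration; it
// does not reproduce Internet Explorer's internals.
class Frame {
  constructor(name, origin, url, parent = null) {
    Object.assign(this, { name, origin, url, parent, children: [] });
    if (parent) parent.children.push(this);
  }
}

// Look a frame name up across every open window, depth first.
function findFrame(frames, name) {
  for (const f of frames) {
    if (f.name === name) return f;
    const hit = findFrame(f.children, name);
    if (hit) return hit;
  }
  return null;
}

// Behaviour the advisory describes: no check on who is asking.
function noCheck(source, target) {
  return true;
}

// Assumed stricter rule: the requester must share an origin with the
// target frame or with one of the pages that embed it.
function ancestorCheck(source, target) {
  for (let f = target; f; f = f.parent) {
    if (f.origin === source.origin) return true;
  }
  return false;
}

// Attempt a named-target navigation; returns true if the frame changed.
function navigate(windows, source, targetName, url, policy) {
  const target = findFrame(windows, targetName);
  if (!target || !policy(source, target)) return false;
  target.url = url;
  return true;
}

// Constructed scenario: a trusted window with one named frame, plus an
// unrelated window from another origin.
function scenario() {
  const trusted = new Frame("win1", "https://trusted.example", "https://trusted.example/");
  const content = new Frame("content", "https://trusted.example", "https://trusted.example/news", trusted);
  const other = new Frame("win2", "https://untrusted.example", "https://untrusted.example/");
  return { windows: [trusted, other], trusted, content, other };
}
```

With noCheck the frame's content changes while the window is still the trusted site's, which is the spoofing impact the advisory lists; with ancestorCheck the same request is refused and the trusted page can still navigate its own frame.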