[SEG] Microsoft Internet Explorer Window Injection Vulnerability

(ver "solution" :-)


Microsoft Internet Explorer Window Injection Vulnerability
http://secunia.com/advisories/13251/

Secunia Advisory: SA13251 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to spoof the
content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11966

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11966:
http://secunia.com/advisories/11966/