Internet Explorer versions 5.5 and 6.0 are vulnerable to a Cross Frame Scripting attack, which may allow execution of arbitrary code.
It is possible to execute scripts on any page using <frame> or <iframe> elements, it ignores any protocol or domain restrictions set up in Internet Explorer. This means that an attacker can steal cookies from almost any site (remember many large sites allows rich media content adds, which often are based on iframe).
It is even possibly to access local files if an attacker can localize a local file which contains a frame or iframe tag, this is the case for privacypolicy.dlg.
This affects Internet Explorer 5.5 and 6.0 and all other programs such as Outlook which uses Internet Explorer WebBrowser control.
Solution: This has been fixed at some point by the latest Service Packs and patches.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Internet Explorer Cross Frame Scripting
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.