Frame injection

Arbitrary code exploit in Internet Explorer

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.^[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,^[2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.^[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.^[4]

References

[edit ]

^ "Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. 2004年06月30日. Archived from the original on 2008年09月17日. Retrieved 2008年09月13日. Updated 2008年05月19日
^ "Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003". Microsoft Corporation. 1998年12月23日. Retrieved 2008年09月13日.
^ "Cross Frame Scripting". OWASP. Retrieved 2008年09月13日.
^ "CVE-2004-0719 - CVE Reference". Secunia. 2007. Archived from the original on 2007年12月19日. Retrieved 2008年09月13日.

External links

[edit ]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Frame_injection&oldid=1202093209"