IE Frame Injection Vulnerability
Secunia Advisory: SA11966
Release Date: 2004-06-30
Moderately critical
Impact: Spoofing
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.
The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.
Solution:
Do not visit or follow links from untrusted websites.
Use another browser.
Read Security Bulletin
Just another reason people need to get rid of IE. Waht si it now? 3 unpatched vulnerabilities?