June 30th, 2004, 07:36 PM
IE Frame Injection Vulnerability
Secunia Advisory: SA11966
Release Date: 2004-06-30
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.
The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.
Do not visit or follow links from untrusted websites.
Use another browser.
Read Security Bulletin
Just another reason people need to get rid of IE. Waht si it now? 3 unpatched vulnerabilities?
It\'s time to put an end to malicious code & black hat hackers - Use a firewall and anti virus!