Frame_injection

Frame injection

Arbitrary code exploit in Internet Explorer

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.^[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,^[2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.^[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.^[4]

Share this article:

This article uses material from the Wikipedia article Frame_injection, and is written by contributors. Text is available under a CC BY-SA 4.0 International License; additional terms may apply. Images, videos and audio are available under their respective licenses.

[1] [1]
"Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. 2004-06-30. Archived from the original on 2008-09-17. Retrieved 2008-09-13. Updated 2008-05-19

[2] [2]
"Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003". Microsoft Corporation. 1998-12-23. Retrieved 2008-09-13.

[3] [3]
"Cross Frame Scripting". OWASP. Retrieved 2008-09-13.

[4] [4]
"CVE-2004-0719 - CVE Reference". Secunia. 2007. Archived from the original on 2007-12-19. Retrieved 2008-09-13.

[1]

[2]

[3]

[4]

Frame_injection

Frame injection

References

External links

Share this article: