Frame injection
From HandWiki
A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,[2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[4]
References
- ↑ "Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. 2004-06-30. http://secunia.com/advisories/11966/. "Updated 2008-05-19"
- ↑ "Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003". Microsoft Corporation. 1998-12-23. https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020.
- ↑ "Cross Frame Scripting". OWASP. https://owasp.org/www-community/attacks/Cross_Frame_Scripting.
- ↑ "CVE-2004-0719 - CVE Reference". Secunia. 2007. http://secunia.com/cve_reference/CVE-2004-0719/.
External links
- Internet Explorer Frame Injection Vulnerability - Secunia - updated 2008 archive
- Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003
 |  |
