Microsoft Internet Explorer Lets Remote Users Inject Content into Open Windows
|
|
SecurityTracker Alert ID: 1012458
|
|
SecurityTracker URL: http://securitytracker.com/id?1012458
|
|
CVE Reference: CAN-2004-1155
(Links to External Site)
|
Updated: Dec 10 2004
|
Original Entry Date: Dec 8 2004
|
Impact: Modification of system information
|
Exploit Included: Yes
|
Advisory: Secunia Research
|
Version(s): 6.0
|
Description: A vulnerability was reported in Microsoft Internet Explorer. A remote user can inject content into an open window in certain cases to spoof web site contents.
Secunia Research reported that if the target name of an open window is known, a remote user can create Javascript that, when loaded
by the target user, will display arbitrary content in the opened window. A remote user can exploit this to spoof the content of
potentially trusted web sites.
A demonstration exploit test is available at:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
The
vendor was notified on November 19, 2004.
|
Impact: A remote user can inject arbitrary content into an open window in certain cases to spoof web site contents.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
