Frame injection
From Wikipedia, the free encyclopedia
 |
This article is an orphan, as few or no other articles link to it. Please introduce links to this page from related articles; suggestions may be available. (October 2008) |
For other uses, see Frame injection (disambiguation).
A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,[2] therefore allowing arbitrary code such as Javascript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[4]
[edit] References
- ^ "Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. http://secunia.com/advisories/11966/. Retrieved 2008-09-13.
- ^ "Microsoft Security Bulletin (MS98-020)". Microsoft Corporation. http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx. Retrieved 2008-09-13.
- ^ "Cross Frame Scripting - OWASP". OWASP. http://www.owasp.org/index.php/Cross_Frame_Scripting. Retrieved 2008-09-13.
- ^ "Secunia Advisory". Secunia. Archived from the original on 2007-12-19. http://web.archive.org/web/20071219181848/http://secunia.com/cve_reference/CVE-2004-0719/. Retrieved 2008-09-13.
