Frame injection

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,[2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[4]

References

"Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. Retrieved 2008-09-13.
"Microsoft Security Bulletin (MS98-020)". Microsoft Corporation. Retrieved 2008-09-13.
"Cross Frame Scripting - OWASP". OWASP. Retrieved 2008-09-13.
"Secunia Advisory". Secunia. Archived from the original on 2007-12-19. Retrieved 2008-09-13.

External links

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. Retrieved 2008-09-13.

[2] "Microsoft Security Bulletin (MS98-020)". Microsoft Corporation. Retrieved 2008-09-13.

[3] "Cross Frame Scripting - OWASP". OWASP. Retrieved 2008-09-13.

[4] "Secunia Advisory". Secunia. Archived from the original on 2007-12-19. Retrieved 2008-09-13.