IE Allows Circumvention of Domain Security
Reported January 8, 2000 by Georgio Guninski
This exposes the whole DOM of the target document and opens
lots of security risks. The problem allows reading local files, reading files from any
host, window spoofing, getting cookies, etc.
the new document, it has
A live demonstration is available at http://www.nat.bg/~joro/img2main.html
Microsoft is aware of this issue however no response was known at the time of this writing. To prevent this issue from affecting your systems, disable Active Scripting in the browser.
Discovered by Georgio Guninski