Spoofed Frames Can Lead to Intrusion
A malicious Web page can be used to impersonate a window on a legitimate Web site. The spoofed window could collect information from the user and send it back to the malicious site. According to Microsoft Security Bulletin, "This vulnerability exists because Internet Explorer"s cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site"s window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability."
Click here for a demonstration
To learn more about NT Security concerns, subscribe to NTSDCredits
- Originally reported by Juan Carlos Garcia Cuartango
- Posted on The NT Shop on December 23, 1998