Spoofed Frames Can Lead to Intrusion VERSIONS AFFECTED
DESCRIPTION A malicious Web page can be used to impersonate a window on a legitimate Web site. The spoofed window could collect information from the user and send it back to the malicious site. According to Microsoft Security Bulletin, "This vulnerability exists because Internet Explorer"s cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site"s window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability." DESCRIPTION Click here for a demonstration SOLUTION Be sure to read the Knowledge Base article associated with this concern. Appropriate hotfixes can be downloaded from Microsoft"s IE Web site. To learn more about NT Security concerns, subscribe to NTSD Credits- Originally reported by Juan Carlos Garcia Cuartango - Posted on The NT Shop on December 23, 1998 |
Spoofed Frames with IE
0 comments
Hide comments