Jump to content

Frame injection

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Tohd8BohaithuGh1 (talk | contribs) at 13:17, 19 August 2008 (created page). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused Internet Explorer not checking the destination of the resulting frame[2], therefore allowing arbitrary code such as Javascript or VBScript.[3]

Remedy

In the Internet Options dialog, disable "Navigate sub-frames across different domains" and do not visit or follow links from untrusted websites, spam emails or splogs.[4]

See also

References

  1. ^ http://secunia.com/advisories/11966/
  2. ^ http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx
  3. ^ http://secunia.com/cve_reference/CVE-2004-0719/
  4. ^ http://secunia.com/advisories/11966/
Retrieved from "https://en.wikipedia.org/w/index.php?title=Frame_injection&oldid=232898721"