A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser. This attack is caused by Internet Explorer not checking the destination of the resulting frame, therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input. This other type of frame injection affects all browsers and scripts that do not validate untrusted input.
External links
- Internet Explorer Frame Injection Vulnerability - Secunia - updated 2008 archive
- Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003
References
"Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. 2004-06-30. Archived from the original on 2008-09-17. Retrieved 2008-09-13. Updated 2008-05-19 https://web.archive.org/web/20080917022529/http://secunia.com/advisories/11966/ ↩
"Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003". Microsoft Corporation. 1998-12-23. Retrieved 2008-09-13. https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020 ↩
"Cross Frame Scripting". OWASP. Retrieved 2008-09-13. https://owasp.org/www-community/attacks/Cross_Frame_Scripting ↩
"CVE-2004-0719 - CVE Reference". Secunia. 2007. Archived from the original on 2007-12-19. Retrieved 2008-09-13. https://web.archive.org/web/20071219181848/http://secunia.com/cve_reference/CVE-2004-0719/ ↩