Frame Injection
   HOME

TheInfoList



Click Here for Items Related To - Frame Injection
OR:
Frame Injection on:   [Wikipedia]   [Google]   [Amazon]

A frame injection attack is an attack on
Internet Explorer 5 Microsoft Internet Explorer 5 (IE5) is a graphical web browser, the fifth version of Internet Explorer, the successor to Internet Explorer 4 and one of the main participants of the first browser war. Its distribution methods and Windows integrat ...
,
Internet Explorer 6 Microsoft Internet Explorer 6 (IE6) is a graphical web browser developed by Microsoft for Windows operating systems. Released on August 24, 2001, it is the sixth, and by now discontinued, version of Internet Explorer and the successor to Internet ...
and
Internet Explorer 7 Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a web browser for Windows. It was released by Microsoft on October 18, 2006, as the seventh version of Internet Explorer and the successor to Internet Explorer 6. Internet Explorer 7 is pa ...
to load arbitrary code in the browser. This attack is caused by
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems ( ...
not checking the destination of the resulting frame, therefore allowing arbitrary code such as
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...
or
VBScript VBScript (''"Microsoft Visual Basic Scripting Edition"'') is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers ...
. This also happens when code gets injected through frames due to scripts not validating their input. This other type of frame injection affects all browsers and scripts that do not validate untrusted input.


References

{{reflist


External links


Internet Explorer Frame Injection Vulnerability - Secunia - updated 2008 archive

Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003
Injection exploits Hacking (computer security)