CVE Reference: CVE-2004-1155

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2004-1155

Description:
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA13251
  Secunia Advisory: SA22628

MISC
  http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
  http://secunia.com/secunia_research/2004-13/advisory/

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/449917/100/0/threaded

BID
  11855


Return to the previous page.