Alnini.comUtilities » Security & Encryption » Internet Explorer 5.01 VBScript Handling Vulnerability Patch
  

Internet Explorer 5.01 VBScript Handling Vulnerability Patch MS02-009


Frames are used in Internet Explorer to provide for a fuller browsing experience. By design, scripts in the frame of one site or domain should be prohibited from accessing the content of frames in another site or domain. However, a flaw exists in how VBScript is handled in IE relating to validating cross-domain access. This flaw can allow scripts of one domain to access the contents of another domain in a frame. A malicious user could exploit this vulnerability by using scripting to extract the contents of frames in other domains, then sending that content back to their web site. This would enable the attacker to view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker?s site. The latter scenario could, in the worst case, enable the attacker to learn personal information like user names, passwords, or credit card information. In both cases, the user would either have to go to a site under the attacker's control or view an HTML email sent by the attacker. In addition, the attacker would have to know the exact name and location of any files on the user's system. Further, the attacker could only gain access to files that can be displayed in a browser window, such as text files, HTML files, or image files.

Publisher:

File size:

300KB

Date added:

01/03/2002

Licence:

Free

Requirements:

Windows 95/98/Me/NT

Un/Install:

No

Downloads:

1,624

Download Now!

See Also

Folder Lock 4.375

Lock, hide, and password-protect personal files, folders, and pictures from other users of your PC.

Primedius Firewall Lite 1.62

Prevent intrusions into your PC by hackers, spyware, and adware.

Real Spy Monitor 2.07

Monitor all keystrokes, programs used, and Web sites visited on a PC.

Partners
• 

RSS | FAQ |

Links | Maestro

Copyright © 2004-2023 Alnini, Inc. All Rights Reserved. Privacy Policy | Terms of UseGeneration time: 0.02 | SQL queries: 8