Microsoft Internet Explorer frame/iframe javascript: URL cross-domain script execution

ie-frame-script-execution (10066)

High Risk

Description:

Microsoft Internet Explorer could allow a remote attacker to execute malicious JavaScript on any Web page that uses a <frame> or <iframe> element. A remote attacker could exploit this vulnerability by setting the URL in a Web page's <frame> or <iframe> element to a javascript: URL (i.e.: javascript:alert (document.cookie), which would cause the script to be executed in the security context of the currently loaded site. If the child frame is located in a different domain as the parent, the attacker would need to change the URL of the child frame to that of the parent before setting the javascript: URL. An attacker could use this vulnerability to steal a user's cookies or possibly access and modify Web content.

This vulnerability could also be used to read local files or execute programs on a victim's computer by creating a page that loads the PrivacyPolicy.dlg file, which contains a <frame> element, and then modifying the URL of this file's frame to the javascript: URL. The PrivacyPolicy.dlg file was included with Internet Explorer 6.0 only.

Platforms Affected:

• Microsoft, Internet Explorer 5.5
• Microsoft, Internet Explorer 6

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Tue Sep 10 2002 - 12:21:53 CDT, RE: Who framed Internet Explorer and IE6 SP1 at http://archives.neohapsis.com/archives/bugtraq/2002-09/0095.html.
• CIAC Information Bulletin N-018, Microsoft Cumulative Patch for Internet Explorer at http://www.ciac.org/ciac/bulletins/n-018.shtml.
• GreyMagic Security Advisory GM#010-IE, Who framed Internet Explorer. at http://sec.greymagic.com/adv/gm010-ie/.
• Microsoft Corporation Web site, What You Should Know About Microsoft Security Bulletin MS02-066 at http://www.microsoft.com/security/security_bulletins/ms02-066.asp.
• Microsoft Security Bulletin MS02-066, Cumulative Patch for Internet Explorer (Q328970) at http://www.microsoft.com/technet/security/bulletin/ms02-066.mspx.
• Microsoft Security Bulletin MS02-068, Cumulative Patch for Internet Explorer (324929) at http://www.microsoft.com/technet/security/Bulletin/MS02-068.mspx.
• Microsoft Security Bulletin MS03-004, Cumulative Patch for Internet Explorer (810847) at http://www.microsoft.com/technet/security/bulletin/ms03-004.mspx.
• Microsoft Security Bulletin MS03-015, Cumulative Patch for Internet Explorer (813489) at http://www.microsoft.com/technet/security/bulletin/ms03-015.mspx.
• Microsoft Security Bulletin MS03-032, Cumulative Patch for Internet Explorer (822925) at http://www.microsoft.com/technet/security/bulletin/ms03-032.mspx.
• Microsoft Security Bulletin MS03-040, Cumulative Patch for Internet Explorer (828750) at http://www.microsoft.com/technet/security/bulletin/ms03-040.mspx.
• Microsoft Security Bulletin MS03-048, Cumulative Security Update for Internet Explorer (824145) at http://www.microsoft.com/technet/security/bulletin/ms03-048.mspx.
• Microsoft Security Bulletin MS04-004, Cumulative Security Update for Internet Explorer (832894) at http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx.
• Microsoft Security Bulletin MS04-025, Cumulative Security Update for Internet Explorer (867801) at http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx.
• Microsoft Security Bulletin MS04-038, Cumulative Security Update for Internet Explorer (834707) at http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx.
• Microsoft Security Bulletin MS04-040, Cumulative Security Update for Internet Explorer (889293) at http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx.
• Microsoft Security Bulletin MS05-014, Cumulative Security Update for Internet Explorer (867282) at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.
• Microsoft Security Bulletin MS05-020, Cumulative Security Update for Internet Explorer (890923) at http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx.
• Microsoft Security Bulletin MS05-025, Cumulative Security Update for Internet Explorer (883939) at http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx.
• Microsoft Security Bulletin MS05-038, Cumulative Security Update for Internet Explorer (896727) at http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx.
• Microsoft Security Bulletin MS05-052, Cumulative Security Update for Internet Explorer (896688) at http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx.
• Microsoft Security Bulletin MS05-054, Cumulative Security Update for Internet Explorer (905915) at http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx.
• Microsoft Security Bulletin MS06-004, Cumulative Security Update for Internet Explorer (910620) at http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx.
• Microsoft Security Bulletin MS06-013, Cumulative Security Update for Internet Explorer (912812) at http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx.
• Microsoft Security Bulletin MS06-021, Cumulative Security Update for Internet Explorer (916281) at http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx.
• Microsoft Security Bulletin MS06-042, Cumulative Security Update for Internet Explorer (918899) at http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx.
• Microsoft Security Bulletin MS06-067, Cumulative Security Update for Internet Explorer (922760) at http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx.
• Microsoft Security Bulletin MS06-072, Cumulative Security Update for Internet Explorer (925454) at http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx.
• Microsoft Security Bulletin MS07-016, Cumulative Security Update for Internet Explorer (928090) at http://www.microsoft.com/technet/security/Bulletin/ms07-016.mspx.
• Microsoft Security Bulletin MS07-027, Cumulative Security Update for Internet Explorer (931768) at http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx.
• Microsoft Security Bulletin MS07-033, Cumulative Security Update for Internet Explorer (933566) at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx.
• Microsoft Security Bulletin MS07-045, Cumulative Security Update for Internet Explorer (937143) at http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx.
• Microsoft Security Bulletin MS07-057, Cumulative Security Update for Internet Explorer (939653) at http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx.
• Microsoft Security Bulletin MS07-069, Cumulative Security Update for Internet Explorer (942615) at http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx.
• Microsoft Security Bulletin MS08-010, Cumulative Security Update for Internet Explorer (944533) at http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx.
• Microsoft Security Bulletin MS08-024, Cumulative Security Update for Internet Explorer (947864) at http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx.
• Microsoft Security Bulletin MS08-031, Cumulative Security Update for Internet Explorer (950759) at http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx.
• Microsoft Security Bulletin MS08-045, Cumulative Security Update for Internet Explorer (953838) at http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx.
• Microsoft Security Bulletin MS08-058, Cumulative Security Update for Internet Explorer (956390) at http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx.
• BID-5672: Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability
• CVE-2002-1187: Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or