Internet Explorer - new Frame Injection Vulnerability
A new IE "moderately critical" IE vulnerability was just posted by Secunia.
Internet Explorer Frame Injection Vulnerability
Secunia Advisory: SA11966
Release Date: 2004-06-30
Software: Microsoft Internet Explorer 5.01, 5.5, 6.0
Description: A 6 year old vulnerability has been discovered in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites. The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.