Vulnerabilities > CVE-2004-1155 - Unspecified vulnerability in Microsoft IE and Internet Explorer

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft IE 5.2.3 Microsoft IE 5.0.1 Microsoft IE 6.0 Microsoft IE 7.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 6.0	18

References

http://secunia.com/advisories/13251/
http://secunia.com/advisories/13251/
http://secunia.com/advisories/22628
http://secunia.com/advisories/22628
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/secunia_research/2004-13/advisory/
http://www.securityfocus.com/archive/1/449917/100/0/threaded
http://www.securityfocus.com/archive/1/449917/100/0/threaded
http://www.securityfocus.com/bid/11855
http://www.securityfocus.com/bid/11855