Vulnerabilities > CVE-2004-1155 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 18 |
References
- http://www.securityfocus.com/bid/11855
- http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
- http://secunia.com/secunia_research/2004-13/advisory/
- http://secunia.com/advisories/13251/
- http://secunia.com/advisories/22628
- http://www.securityfocus.com/archive/1/449917/100/0/threaded