• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MS IE 5.01 JSObject Cross-Frame Vulnerability

Georgi Guninski <joro@nat.bg> has set up the following vulnerability demonstration page:
http://www.nat.bg/~joro/jsinject.html

Also, Hiromitsu Takagi <takagi@etl.go.jp> has modified the above demonstration to show that this can be exploited withour relying on scripting of Java applets. It is available at:
http://java-house.etl.go.jp/~takagi/java/test/Guninski-jsinject-modified/