Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability

The NavigateComplete2 function in IE does not properly validate origin domains.

Therefore it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email recipient by accessing the browser object of a frame containing local content. The path and name of the file must be known by the attacker.


 

Privacy Statement
Copyright 2010, SecurityFocus