Microsoft Internet Explorer Invalid Byte Cross-Frame Access Vulnerability

Microsoft Internet Explorer Invalid Byte Cross-Frame Access Vulnerability

Georgi Guninski <guninski@guninski.com> has set up the following demonstration pages:

Exploit through HTML mail message:

http://www.guninski.com/scriptlet.html

http://www.guninski.com/scrspoof.html

Exploit through TDC:

http://www.guninski.com/scrauto.html

Alp Sinan <alp@uk2.net> has set up the following demonstration pages:

Reading of local files:
http://horoznet.com/AlpSinan/localread.htm

Window spoofing:
http://horoznet.com/AlpSinan/webspoof.htm

Cross-frame security circumvention
http://horoznet.com/AlpSinan/crossframe.htm