• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability

Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This script may then change the location of the embedded object to a sensitive page, and maintain the reference to the object. This provides full access to the DOM of the embedded page.