• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability

A vulnerability has been reported in Explorer that may allow for script code to be executed in the Local Zone. When an IFRAME in a dialog changes its location or Zone, the dialogArguments object provided by the calling content should not be accessible. It has been reported that this is not the case. The dialogArguments object is accessible despite the fact that its originating location/Zone is different from the parent.