Microsoft Internet Explorer Frame Vulnerability

US-CERT is aware of publicly available proof-of-concept code for a vulnerability that affects Microsoft Internet Explorer 6, 7, and 8 beta 1. This vulnerability is due to improper access restriction to certain components of a document's frames. By convincing a user to view a specially crafted HTML document, an attacker may be able to access non-domain-specific elements from a web page that exists in a different domain. Exploitation of this vulnerability could allow an attacker to capture keystrokes or perform other malicious acts.

US-CERT encourages users to disable Active Scripting in the Internet Zone, as specified in the "Securing Your Web Browser" document. Additional information about this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity