J-Security Center

Title: Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability

Severity: HIGH

Description:

A vulnerability has been reported in the handling of sub-frames in Microsoft Internet Explorer. As a result, an attacker may be able to violate the cross-domain policy.

The problem is a variation of vulnerabilities previously reported by Liu Die Yu (covered in BID 8577). The issue involves navigating sub-frames to a JavaScript protocol URI and the use of history.back(). Together, these components could allow script code to access properties of a page from a foreign domain that is stored in the browser history. By itself, this issue could permit a malicious web page to interact with a foreign domain, potentially allowing theft of sensitive information or other attacks. When this issue is exploited in combination with other vulnerabilities (such as BIDs 9105 and 9107), it will be possible to execute malicious code on the client system in the context of the Local Zone.

Symantec has confirmed that this issue is exploitable on IE 5.0 as well as the version tested by the researcher.

Due to the ease of exploitation and the existence of other vulnerabilities that may be exploited in tandem with this BID, it is probable that this issue will be widely exploited in the wild.

This issue was originally covered in BID 9100 "Multiple Internet Explorer Browser Security Model Compromise Vulnerabilities" and is now being assigned its own BID.

Affected Products:

  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.0.1 SP3
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5 SP1
  • Microsoft Internet Explorer 5.5 SP2
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Windows 98SE
  • Microsoft Windows ME
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP Home
  • Microsoft Windows XP Professional
