Www.edup.tudelft.nl/~bjwever/advisory iframe.html.php - Skypher

Www.edup.tudelft.nl/~bjwever/advisory iframe.html.php - Skypher:
nternet Explorer IFRAME src&name parameter BoF remote compromise

Contents [hide] 1 Vulnerability 2 Affected versions 3 Exploit 4 Timeline 5 Patch 6 Links

Vulnerability

There is an exploitable BoF in the FRAME, EMBED and IFRAME tag using the SRC and NAME property. To trigger the BoF you only need this tag in a HTML file: