CVE-2004-1155

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 through 6 Internet Explorer 7 on Windows XP SP2

Description: The issue allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain. This can be demonstrated using a pop-up window on a trusted web site.

Recommendations: For Internet Explorer versions 5.01 through 6, consider disabling pop-up windows to minimize the risk of exploitation. For Internet Explorer 7 on Windows XP SP2, restrict access to potentially vulnerable web sites to reduce the risk of window injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.