Frame injection

{{Short description|Arbitrary code exploit in Internet Explorer}}

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.{{cite web|title=Internet Explorer Frame Injection Vulnerability|date=2004-06-30|work=Vulnerability Intelligence|publisher=Secunia Advisories|url=http://secunia.com/advisories/11966/|access-date=2008-09-13|url-status=dead|archive-url=https://web.archive.org/web/20080917022529/http://secunia.com/advisories/11966/|archive-date=2008-09-17|quote=Updated 2008-05-19}} This attack is caused by Internet Explorer not checking the destination of the resulting frame,{{cite web|url=https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020|title=Microsoft Security Bulletin (MS98-020) Updated: May 16, 2003|publisher=Microsoft Corporation|date=1998-12-23|access-date=2008-09-13}} therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.{{cite web|url=https://owasp.org/www-community/attacks/Cross_Frame_Scripting|title=Cross Frame Scripting|publisher=OWASP|access-date=2008-09-13}} This other type of frame injection affects all browsers and scripts that do not validate untrusted input.{{cite web|url=http://secunia.com/cve_reference/CVE-2004-0719/|archive-url=https://web.archive.org/web/20071219181848/http://secunia.com/cve_reference/CVE-2004-0719/|archive-date=2007-12-19|title=CVE-2004-0719 - CVE Reference|publisher=Secunia|date=2007|access-date=2008-09-13}}