Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
BID:1224
Info
Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
Bugtraq ID:
1224
Class:
Boundary Condition Error
CVE:
Remote:
Yes
Local:
Yes
Published:
May 17 2000 12:00AM
Updated:
May 17 2000 12:00AM
Credit:
Discovered by Andrew Nosenko <[email protected]> and publicized in a Microsoft Security Bulletin (MS00-033). Patch update information published in Microsoft Security Bulletin MS01-027 on May 16, 2001.
Vulnerable:
Microsoft Internet Explorer 5.0.1
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
+
Microsoft Windows ME
+
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Internet Explorer 5.5 preview
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows NT 4.0
-
Microsoft Windows NT 4.0
-
Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows NT 4
+
Microsoft Windows NT 4.0
+
Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows 98
+
Microsoft Windows 98
+
Microsoft Windows 98
Microsoft Internet Explorer 5.0 for Windows 95
+
Microsoft Windows 95
+
Microsoft Windows 95
Microsoft Internet Explorer 5.0 for Windows 2000
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
Microsoft Internet Explorer 4.0 for Windows NT 4
+
Microsoft Windows NT 4.0
+
Microsoft Windows NT 4.0
Microsoft Internet Explorer 4.0 for Windows NT 3
-
Microsoft Windows NT 3.5.1
-
Microsoft Windows NT 3.5.1
Microsoft Internet Explorer 4.0 for Windows 95
+
Microsoft Windows 95
+
Microsoft Windows 95
Microsoft Internet Explorer 4.0 for Windows 3.1
Microsoft Internet Explorer 4.0 for WfW
+
Microsoft Windows 3.11
+
Microsoft Windows 3.11
Microsoft Internet Explorer 4.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
+
Microsoft Windows 98
+
Microsoft Windows 98
+
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0 alpha
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
Not Vulnerable:
Discussion
Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
The DocumentComplete() function in IE does not properly validate origin domains.
Therefore it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email recipient by accessing the browser object of a frame containing local content. Only files that can be opened by a browser window (eg. *.htm, *.js, *.txt etc) are viewable, and the path and name of the file must be known by the attacker.
Update (May 16, 2001): A new variant of this vulnerability has been discovered. Microsoft has released a new patch to address all known variants of this vulnerability.
Exploit / POC
Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
The following example illustrates this vulnerability: