CVE-2001-1410 Information

Description

Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method which could allow attackers to simulate a victim’s display and conduct unauthorized activities or steal sensitive data via social engineering.

Reference

http://marc.info/?l=bugtraq&m=105820229407274&w=2 http://marc.info/?l=bugtraq&m=105829174431769&w=2 http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/ http://www.guninski.com/popspoof.html http://www.kb.cert.org/vuls/id/490708 http://www.securityfocus.com/archive/1/221883 http://www.securityfocus.com/bid/3469 http://www.systemintegra.com/ie-fullscreen/ https://exchange.xforce.ibmcloud.com/vulnerabilities/7313