Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

BID:5672 | URL:http://www.securityfocus.com/bid/5672 | BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE) | URL:http://marc.info/?l=bugtraq&m=103158601431054&w=2 | MS:MS02-066 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | OSVDB:2998 | URL:http://www.osvdb.org/2998 | OVAL:oval:org.mitre.oval:def:203 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203 | OVAL:oval:org.mitre.oval:def:225 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225 | XF:ie-frame-script-execution (10066) | URL:http://www.iss.net/security_center/static/10066.php