Exploit:HTML/IframeRef.gen

Scott(0) · Post by **Scott(0)** » Fri Jun 04, 2010 8:13 pm

Hello All,

MS Security Essentials recently flagged this twice on my laptop. Curious if this exploit falls soley under the realm of AV software or is something NoScript could eventually stop?

Thanks

Win 7 Home Premium, FFox 3.6.3, NoScript 1.9.9.81, plus additional stuff

Post by **Giorgio Maone** » Fri Jun 04, 2010 8:29 pm

From http://www.microsoft.com/security/porta ... ameRef.gen :

Microsoft wrote: Exploit:HTML/IframeRef.gen is generic detection for specially formed IFrame tags that point to remote Web sites containing malicious content, for example malicious Javascript containing an exploit for a specific vulnerability.

This means that this is a generic signature for IFrames whose src attribute matches a blacklist of known malicious web sites serving payloads which exploit browser or plugin vulnerabilities.
Since exploitation in 99.9% of the cases involves running JavaScript or active plugin content, NoScript will block this class of attacks even if the antivirus fails at blocking it at the proxy level because the serving site is too "new" to be listed in the blacklist.

eradic8 · Post by **eradic8** » Sat Jun 05, 2010 10:34 am

Should forbid IFRAME option be enabled in Noscript to prevent this Exploit, or will it be prevented by default?

Post by **Alan Baxter** » Sat Jun 05, 2010 1:55 pm

eradic8 wrote:Should forbid IFRAME option be enabled in Noscript to prevent this Exploit, or will it be prevented by default?

Not necessary. JavaScript and active plugin content are blocked by default.

Giorgio Maone wrote:Since exploitation in 99.9% of the cases involves running JavaScript or active plugin content, NoScript will block this class of attacks...

InformAction Forums

Exploit:HTML/IframeRef.gen

Exploit:HTML/IframeRef.gen

Re: Exploit:HTML/IframeRef.gen

Re: Exploit:HTML/IframeRef.gen

Re: Exploit:HTML/IframeRef.gen