Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
http://www.securityfocus.com/bid/5963
http://www.iss.net/security_center/static/10371.php
http://www.ciac.org/ciac/bulletins/n-018.shtml
http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
http://marc.info/?l=bugtraq&m=103470310417576&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html