Microsoft Browser Information Disclosure Vulnerability - CVE-2018-8351ID: oval:org.secpod.oval:def:47103 | Date: (C)2018-08-15 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Product: |
Microsoft Internet Explorer 10 |
Microsoft Internet Explorer 11 |
Microsoft Edge |