Windows HTML Platforms Security Feature Bypass Vulnerability - CVE-2023-35384ID: oval:org.secpod.oval:def:91804 | Date: (C)2023-08-09 (M)2024-04-25 |
Class: VULNERABILITY | Family: windows |
Windows HTML Platforms Security Feature Bypass Vulnerability. A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Product: |
Microsoft Internet Explorer 11 |