The host is installed with Internet Explorer 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and inject it into another domain.