
CVE-2015-0072
Date: (C)2015-02-14   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1031888
http://seclists.org/fulldisclosure/2015/Feb/0
http://www.securityfocus.com/archive/1/534662/100/0/threaded
SECUNIA-62658
BID-72489
MS15-018
http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx
http://innerht.ml/blog/ie-uxss.html
http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html
http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html
https://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/
ms-ie-cve20150072-xss(100606)

CPE    3
cpe:/a:microsoft:internet_explorer:9
cpe:/a:microsoft:internet_explorer:11:-
cpe:/a:microsoft:internet_explorer:10
CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:23789
oval:org.secpod.oval:def:23787

© SecPod Technologies