CVE-2017-0154

Description

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

Affected products

• Microsoft Corporation / Internet ExplorerInternet Explorer 11 in Windows 10, 1511, 1606, and Windows Server 2016 – Internet Explorer 11 in Windows 10, 1511, 1606, and Windows Server 2016

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154
• MISChttp://www.securityfocus.com/bid/96766
• MISChttp://www.securitytracker.com/id/1038008