David Leo

Researcher from Deusen
#52172 of 53,633
4.3 Total CVSS
Vulnerabilities · 1
PT-2015-4446
4.3
2015-02-07
Microsoft · Internet Explorer · CVE-2015-0072
**Name of the Vulnerable Software and Affected Versions**

Microsoft Internet Explorer versions 9 through 11

**Description**

The issue allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML. This is achieved through vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object. An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

**Recommendations**

For Microsoft Internet Explorer versions 9 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.