Matan Gillon

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information. This is achieved by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files. An attacker could exploit this by constructing a specially crafted Web page that could lead to information disclosure if a user visits the site or clicks a link in a specially crafted e-mail message. The attacker could read file data from another Internet Explorer domain, but user interaction is required. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.