CVE-2014-1777

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 10 through 11

Description The issue is caused by the program's inability to properly check permissions when installing local files. This allows an attacker to gain unauthorized access to confidential information in local files. An information disclosure vulnerability exists within Internet Explorer during validation of local file installation, enabling remote attackers to read local files on the client via a crafted web site.

Recommendations For Internet Explorer versions 10 and 11, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to sensitive local files until a patch is available.