CVE-2015-0072

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 9 through 11

Description The issue allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML. This is achieved through vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object. An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

Recommendations For Microsoft Internet Explorer versions 9 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.