PT-2017-1511 · Microsoft · Windows Server 2016+3

Publicado

2017-03-14

Atualizado

2017-07-12

CVE-2017-0154

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016

Description The issue arises from the failure to enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application. This could enable a remote attacker to obtain and transfer information between domains.

Recommendations For Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016, consider applying configuration changes to enforce cross-domain policies until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

BDU:2017-00656

CVE-2017-0154

Produtos afetados

Internet Explorer

Internet Explorer 11

Windows 10

Windows Server 2016

PT-2017-1511 · Microsoft · Windows Server 2016+3

CVE-2017-0154

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8