PT-2015-1656 · Microsoft · Internet Explorer

Published: 2015-07-14 · Updated: 2018-10-12 · CVE-2015-2398

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Internet Explorer versions 8 through 11

Description

The issue exists due to insufficient protection of the web page structure in Internet Explorer, allowing a remote attacker to bypass the XSS filter using specially crafted HTML document attributes. This could lead to information disclosure, as initially disabled scripts may run in the wrong security context. An attacker who successfully exploits this issue could cause script code to run on another user's system, potentially taking any action permitted to the third-party website. The exploitation requires the user to click on a hypertext link, either in an email or on an attacker-controlled website.

Recommendations

For Internet Explorer versions 8 through 11, consider disabling the use of specially crafted HTML attributes until a patch is available. Restrict access to potentially vulnerable websites to minimize the risk of exploitation. Avoid clicking on suspicious links from untrusted sources to reduce the risk of triggering the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-11002
CVE-2015-2398

Affected Products

Internet Explorer