PT-2015-1659 · Microsoft · Internet Explorer
Published: 2015-07-14 · Updated: 2018-10-12 · CVE-2015-2412
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Explorer versions 10 through 11
Description
The issue allows remote attackers to read arbitrary local files via a crafted pathname. The browser fails to properly validate file paths, which could enable an attacker to disclose the contents of arbitrary files on the user's computer. The vulnerability does not allow an attacker to execute code or elevate their user rights directly, but the information obtained could be used to try to further compromise the affected system.
Recommendations
For versions 10 and 11, consider restricting access to sensitive local files until a patch is available.
As a temporary workaround, avoid using Internet Explorer to access sensitive information until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Information Disclosure
Related Identifiers
Affected Products
Internet Explorer