CVE-2016-7199

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 9 through 11 Microsoft Edge (affected versions not specified)

Description The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site. This is due to improper handling of objects in memory by the affected Microsoft browsers. An attacker who successfully exploits this issue could obtain browser window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. The vulnerability is also caused by a buffer overflow in the Chakra JavaScript engine, which can allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For Microsoft Internet Explorer versions 9 through 11, consider applying security updates or patches to fix the improper handling of objects in memory. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to potentially malicious websites to minimize the risk of exploitation.