CVE-2016-7282

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 9 through 11 Microsoft Edge (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is due to the browsers not taking measures to protect the structure of web pages, which could enable a remote attacker to inject arbitrary code. The vulnerability exists because Microsoft Browsers do not properly validate content under specific conditions, and the affected component does not handle objects in memory correctly. An attacker who exploits this issue could run arbitrary code, leading to information disclosure, and potentially obtain information to further compromise a target system.

Recommendations For Microsoft Internet Explorer versions 9 through 11, update to a version that includes the fix for this issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.