PT-2017-1511 · Microsoft · Windows Server 2016+3

Published

2017-03-14

Updated

2017-07-12

CVE-2017-0154

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016

Description The issue arises from the failure to enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application. This could enable a remote attacker to obtain and transfer information between domains.

Recommendations For Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016, consider applying configuration changes to enforce cross-domain policies until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

BDU:2017-00656

CVE-2017-0154

Affected Products

Internet Explorer

Internet Explorer 11

Windows 10

Windows Server 2016

PT-2017-1511 · Microsoft · Windows Server 2016+3

CVE-2017-0154

Weakness Enumeration

Related Identifiers

Affected Products

References · 8