Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerabilities

Summary

Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka ‘Internet Explorer Cross-domain Information Disclosure Vulnerability.’

Credit:

The information has been provided by James Forshaw of Context Information Security.


Details

Vulnerable Systems:
 * Microsoft Internet Explorer 6 through 11

Immune Systems:
 * Microsoft Internet Explorer after 11

Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further attacks.

CVE Information:
CVE-2014-6340

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/30/2014

Categories: Windows