XSS in Microsoft Internet_explorer
CVE-2015-0072
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a r…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.886 (99.5th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_explorer — versions 9, 10, 11
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 62658 (x_refsource_SECUNIA, third-party-advisory)
- MS15-018 (x_refsource_MS, vendor-advisory)
- 1031888 (vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_MISC)
- secure@microsoft.com (x_refsource_MISC)
- secure@microsoft.com (x_refsource_MISC)
- secure@microsoft.com (Exploit, x_refsource_MISC)
- 20150209 Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) (mailing-list, x_refsource_BUGTRAQ)
- secure@microsoft.com (Exploit, x_refsource_MISC)
- 20150131 Major Internet Explorer Vulnerability - NOT Patched (mailing-list, x_refsource_FULLDISC)
Frequently asked questions
- What is CVE-2015-0072?
- CVE-2015-0072 is a vulnerability in Microsoft Internet_explorer, classified under Cross-site Scripting. Published 2015-02-07.
- Is CVE-2015-0072 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.