Endpoint Vulnerability

Microsoft Browser Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access.

Affected Products

Internet Explorer 9,Microsoft Edge,Internet Explorer 11,Internet Explorer 10

References

CVE-2016-7199,