HTTP: Microsoft Internet Explorer Same Origin Policy Bypass

This signature detects attempts to exploit a Same Origin Policy bypass vulnerability in Microsoft Internet Explorer. Successful exploitation can result in the disclosure of information about other web pages opened by the user or stored in the browser cache.

Extended Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

Affected Products

Microsoft internet_explorer

References

CVE: CVE-2015-0072

Short Name
HTTP:STC:IE:SMEORIGIN-BYPASS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2015-0072 Explorer Internet Microsoft Origin Policy Same
Release Date
02/12/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3799
False Positive
Unknown
Vendors

Microsoft

CVSS Score

4.3
