POLICY-OTHER Microsoft Browser iframe local file load attempt
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
CVSS base score 6.5
CVSS impact score 3.6
CVSS exploitability score 2.8
- microsoft edge *
- microsoft internet_explorer 9
- microsoft internet_explorer 10
- microsoft internet_explorer 11
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.