Description
Internet Explorer Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS).
In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.
The security update addresses the security feature bypass by correcting how Internet Explorer handles mixed content.
Updates
Product | Article | Update |
---|---|---|
Internet Explorer 10 on Windows Server 2012 | ||
Internet Explorer 11 on Windows 8.1 for 32-bit systems | ||
Internet Explorer 11 on Windows 8.1 for x64-based systems | ||
Internet Explorer 11 on Windows Server 2012 R2 | ||
Internet Explorer 11 on Windows RT 8.1 | ||
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | ||
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | ||
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2 | ||
Internet Explorer 9 on Windows Vista Service Pack 2 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.6 Medium
CVSS3
Related vulnerabilities
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."
Internet Explorer browser vulnerability that allows an attacker to bypass existing access restrictions
EPSS
4.6 Medium
CVSS3