← back
CVE-2015-0072observed exploitation

CVE-2015-0072

82Vexday Risk Score

Patch now. It exploitation observed by VulnCheck and has a working public exploit.

ssvc Actepss 72%
from disclosure to weapon14 days
Published on NVDFeb 7
1st PoC+14d
metasploitFeb 1
VulnCheck+31d
exploitation probability
72%top 1% of all CVEs
observed exploitation
yesVulnCheck
1 public exploit(s)
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.