Security restrictions bypass in Microsoft Internet Explorer and Microsoft Edge - CVE-2016-7281
Published: December 13, 2016 / Updated: January 24, 2017
Vulnerability identifier: #VU4242
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7281
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer
Microsoft Edge
Microsoft Internet Explorer
Microsoft Edge
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to Microsoft browsers fail to correctly apply Same Origin Policy for scripts running inside Web Workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implied Same Origin Policy.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information and perform other attacks against victim.
The vulnerability exists due to Microsoft browsers fail to correctly apply Same Origin Policy for scripts running inside Web Workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implied Same Origin Policy.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information and perform other attacks against victim.
How to mitigate CVE-2016-7281
Install update from Microsoft website.