https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018 [No Types Assigned]

http://technet.microsoft.com/security/bulletin/MS15-018 [No Types Assigned]

http://www.securityfocus.com/archive/1/534662/100/0/threaded [No Types Assigned]

http://www.securityfocus.com/archive/1/archive/1/534662/100/0/threaded [No Types Assigned]

https://exchange.xforce.ibmcloud.com/vulnerabilities/100606 [No Types Assigned]

http://xforce.iss.net/xforce/xfdb/100606 [No Types Assigned]

Vulnerabilidad de XSS en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy e inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que involucran un elemento IFRAME que desencadena una redirección, un segundo elemento IFRAME que no desencadena una redirección y una eval de un objeto WindowProxy, también conocido como "Universal XSS (UXSS)".

Vulnerabilidad de XSS en Microsoft Internet Explorer 10 y 11 permite a atacantes remotos evadir Same Origin Policy y inyectar secuencias de comandos web arbitrarios o HTML a través de vectores que involucran un elemento IFRAME que provoca una redirección, un segundo elemento IFRAME que no provoca una redirección y un objeto eval de WindowProxy, también conocido como 'Universal XSS (UXSS).'

Configuration 1
     OR
          *cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Configuration 1
     OR
          *cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html No Types Assigned

http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html Exploit

http://www.securitytracker.com/id/1031888

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

http://technet.microsoft.com/security/bulletin/MS15-018

http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html

http://secunia.com/advisories/62658

http://www.securityfocus.com/archive/1/archive/1/534662/100/0/threaded

http://www.securityfocus.com/bid/72489

http://xforce.iss.net/xforce/xfdb/100606

Configuration 1
     OR
          *cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
          *cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CWE-79

http://innerht.ml/blog/ie-uxss.html No Types Assigned

http://innerht.ml/blog/ie-uxss.html Exploit