| CVE ID | |
| CVSS SCORE | 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N |
| AFFECTED VENDORS |
Microsoft |
| AFFECTED PRODUCTS |
Internet Explorer |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['19855']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
The specific flaw exists within the window.close() method. By issuing a particular sequence of script commands, an attacker can invoke window.close() and then continue executing script for an indefinite amount of time after the window has already been closed, and even after all browser windows have been closed. The user has no visual indication that script from the attacker's web page is still executing and there is no conventional UI available for stopping it. |
| ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/library/security/MS16-023 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Simon Zuckerbraun - Trend Micro Zero Day Initiative |
