Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Warning: the IE's UXSS comes back. Please stop using IE immediately!

It is confirmed that the vulnerability affects Internet Explorer 10 and 11 on Windows 7 and Windows 8.1 and 10 (TP Build only).

Recently a Universal Cross-Site Scripting (UXSS) vulnerability was disclosed on the Full Disclosure mailing list. This unpatched 0day vulnerability discovered by David Leo results in a full bypass of the Same-Origin Policy (SOP) on the latest version of Internet Explorer. This article will briefly explain the technical details behind the vulnerability.

»blog.innerht.ml/ie-uxss/
»twitter.com/filedescript ··· 72430592
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

Member


IE

jadinolf
I love you Fred
Premium Member
join:2005-07-09
Ojai, CA

said by DarkSithPro:


Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

to DarkSithPro

antdude
Borg Ant
Premium Member
join:2001-03-25
US

to Cartel
Are we going to get a fix next Tuesday? :P

Trel
Good Evening
Premium Member
join:2002-10-08
USA

said by antdude:

Are we going to get a fix next Tuesday? :P

Sure, but it'll also install Windows 10.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

to Cartel
No worries... Microsoft Edge to the rescue!

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL

I gave IE the (pale) Moon long ago...

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·TekSavvy Cable
Hitron Coda-45
Linksys WRT3200ACM

Die hard fan here lol
I just can't let it go... I love IE11 on Windows 10.
19579823 (banned)
An Awesome Dude
join:2003-08-04

Member

What exactly is this supposed to do Dustyn??

When I create an HTM file to run it it just opens 2 frames..... 1 with google and the other with a 404 error seeing "redirect.php" is an invalid URL......

ANYONE HAVE AN ACTUAL POC??
Mele20
Premium Member
join:2001-06-05
Hilo, HI

to Cartel
???? This was reported in FEBRUARY. So why almost a year later is it suddenly urgent?

Also, why is Windows 8.0 with IE 10 not vulnerable?

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

said by Mele20:

???? This was reported in FEBRUARY. So why almost a year later is it suddenly urgent?

Also, why is Windows 8.0 with IE 10 not vulnerable?

I guess it was "patched" but the patch was useless.
»twitter.com/simps0n/stat ··· 20680960
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Twitter is blocked in my hosts file so I can't read that.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·TekSavvy Cable
Hitron Coda-45
Linksys WRT3200ACM

Here you go.
Dustyn

to 19579823
said by 19579823:

What exactly is this supposed to do Dustyn??

When I create an HTM file to run it it just opens 2 frames..... 1 with google and the other with a 404 error seeing "redirect.php" is an invalid URL......

ANYONE HAVE AN ACTUAL POC??

It opens 2 frames within the browser window with the "Google" image logo. One of the framed images is blocked due to "unsecured content being blocked". It also displays a blank dialog box. Once you hit ok on the dialog box another one immediately appears stating: "www.google.com".
•Simplified PoC
•PoC without user interaction
19579823 (banned)
An Awesome Dude
join:2003-08-04

Member

to Cartel
Hmmm that's interesting....... On IE6 (MyIE2) you don't get a prompt about the blocked content it just shows a 404 in the frame...... (I just took a gander @ the script for it again)
Mele20
Premium Member
join:2001-06-05
Hilo, HI

to Cartel
This seems ado over nothing.

Windows Defender on Windows 8.0 Pro eats it.

jap
Premium Member
join:2003-08-10
038xx

to Cartel
Hmm. I read somewhere that with win10 MS has unbundled IE (true?). Perhaps this UXSS vuln was re-instated by MS as a ploy to push resisters to win10? Cynical (which I'm becoming) paranoiacs want to know.

Thanks Cartel. Not that it affects my browsing but I do appreciate an opportunity to publicly spank Dustyn.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

I'm cynical about Microsoft also but in this case Windows Defender and MSE eat it so that's incentive to use a Microsoft AV not incentive to upgrade to Windows 10 where IE 11 is there and can be used but Edge is the default.

jap
Premium Member
join:2003-08-10
038xx

said by Mele20:

Windows 10 where IE 11 is there

Installs with a clean install of the OS still? If so, does IE remain intertwined with OS code or is it uninstallable by user? Almost positive I read MS was dropping the forced IE thing.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

IE 11 is still entwined in the OS. It's hidden in the release version of Windows 10 but you can find it and use it. Microsoft can't suddenly kill it because Enterprise uses it. (I can't use Edge at all because it is not a real browser and my local proxy requires a real browser. During Win 10 Enterprise beta I never got Edge to connect to the internet because I was not willing to forgo my local proxy. Edge is an app not a browser and simply another reason I won't have Windows 10 as I use a desktop not a phone or a tablet so I need real browsers. If I did have Windows 10 release I would immediately fire up IE 11 and never use Edge. (I wouldn't use IE 11 as my default browser but I would want it so if needed I could use it. For instance, for Microsoft Update Catalog...although in Windows 10 unless it is Enterprise version the Update Catalog can't be used. Another reason among a zillion to never get Windows 10 unless Microsoft offers Enterprise version to anyone who wants it).

»answers.microsoft.com/en ··· 14ea82e8

»answers.microsoft.com/en ··· e233ba85