Information on Microsoft Internet Explorer Universal XSS Vulnerability (CVE-2015-0072)

This article provides information about the vulnerability in Internet Explorer that can allow an attacker to bypass the same-origin policy (SOP) to steal from and inject information into other websites.

The vulnerability affects Microsoft Internet Explorer 11 on Windows 7 and Windows 8.1. Microsoft has not yet issued a patch or security advisory for this vulnerability. At this time, there are no indications that this vulnerability has been exploited in the wild. Concerned users can use an alternative browser, like Mozilla Firefox or Google Chrome, until Microsoft makes a patch available.

What action should I take?

  • Norton customers running a Norton security product are already protected against attempts to exploit the bug (vulnerability). Norton products providing this protection include:

    • Norton Internet Security

    • Norton 360

    • Norton Security

    • Norton Security with Backup

    You must have a current Norton subscription and up-to-date virus definitions and signatures to receive this protection. To know about your Norton subscription status, read Is my computer protected?

    Norton Protection leverages both antivirus and an intrusion prevention engine to deliver this protection by the following signature updates:

Thank you!

Thank you for using Norton Support.

< Back

Was this information helpful?

DOCID: v108168824_EndUserProfile_en_us
Operating System: Windows
Last modified: 05/22/2015