Microsoft Internet Explorer 9 Cross Site Scripting Vulnerability
15 Aug. 2016
* Microsoft Internet Explorer 9
* Microsoft Internet Explorer 10
* Microsoft Internet Explorer 11
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.
The update addresses the vulnerabilities by:
Modifying how Internet Explorer handles objects in memory
Modifying how the JScript and VBScript scripting engines handle objects in memory
Correcting how Windows handles proxy discovery