Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability

Microsoft Internet Explorer is prone to a zone-bypass vulnerability because the browser returns erroneous IOleClientSite data when dynamically creating an embedded object. This could cause malicious script code to be executed in a security zone with fewer restrictions than the zone the content originates from.

Attackers may exploit this issue to execute arbitrary code in the context of the currently logged-in user on the affected computer. They may also be able to execute malicious script code in the context of a site that exists in another domain. Attackers may exploit this issue through a malicious web page.


 

Copyright 2010, SecurityFocus