CVE-2015-0072

EXPLOITED

Internet Explorer 9-11 - Universal Cross-Site Scripting via IFRAME Redirect and WindowProxy Eval

Title source: llm

Exploitation Summary

CVE-2015-0072 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including dbellavista, David Leo, filedescriptor, joev and sinn3r; one of them is the Metasploit module `auxiliary/gather/ie_uxss_injection`.

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

Exploits (2)

nomisec WORKING POC 7 stars
by dbellavista · client-side
https://github.com/dbellavista/uxss-poc

This is a functional Proof of Concept for CVE-2015-0072, a Universal Cross-Site Scripting (UXSS) vulnerability in Microsoft Internet Explorer. The exploit uses frame manipulation and JavaScript injection to steal cookies from targeted websites that do not set the `x-frame-options` header.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 10 and 11
No auth needed
Prerequisites: Target websites must not set the `x-frame-options` header · Victim must visit the malicious page using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by David Leo, filedescriptor, joev, sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ie_uxss_injection.rb

This Metasploit module exploits a UXSS vulnerability in Internet Explorer 10 and 11 (CVE-2015-0072) by injecting JavaScript to steal cookies from a target URI. It uses iframe manipulation and postMessage to bypass same-origin policy.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 10 and 11
No auth needed
Prerequisites: Target must visit a malicious page · Target URI must not have X-Frame-Options
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62658
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031888
Exploit x_refsource_misc
http://innerht.ml/blog/ie-uxss.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534662/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Feb/0
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100606
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72489

Scores

EPSS 0.7170
EPSS Percentile 99.3%

Details

VulnCheck KEV 2015-03-10
CWE CWE-79
Status published
Products (3)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Feb 07, 2015
Tracked Since Feb 18, 2026