A Zero-day in Internet Explorer, already being actively exploited in the wild, has been publicly disclosed. CWE-415 - Double Free is a critical remote code execution vulnerability that when exploited lets remote attackers execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.
Microsoft Internet Explorer 9, 10, 11 are prone to this vulnerability
No official solution to this vulnerability is available so far.
Cheers,The ManageEngine team