Zero-day CWE-415 in Internet Explorer, actively exploited in the wild

Zero-day CWE-415 in Internet Explorer, actively exploited in the wild

Hello everyone,

A Zero-day in Internet Explorer, already being actively exploited in the wild, has been publicly disclosed. CWE-415 - Double Free is a critical remote code execution vulnerability that when exploited lets remote attackers execute arbitrary code on the target system.

‚Äč

The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.


Vulnerable versions:

Microsoft Internet Explorer 9, 10, 11 are prone to this vulnerability


Official solution:

No official solution to this vulnerability is available so far.


 

Cheers,

The ManageEngine team