Zero-day CWE-415 in Internet Explorer, actively exploited in the wild

Hello everyone,

A zero-day in Internet Explorer, already being actively exploited in the wild, has been publicly disclosed. CWE-415 - Double Free is a critical remote code execution vulnerability that, when exploited, lets remote attackers execute arbitrary code on the target system.


The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.


Vulnerable versions:

Microsoft Internet Explorer 9, 10, and 11 are prone to this vulnerability.


Official solution:

No official solution to this vulnerability is available so far.


 

Cheers,

The ManageEngine team
