Hello everyone,

A Zero-day in Internet Explorer, already being actively exploited in the wild, has been publicly disclosed. CWE-415 - Double Free is a critical remote code execution vulnerability that when exploited lets remote attackers execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.

Vulnerable versions:

Microsoft Internet Explorer 9, 10, 11 are prone to this vulnerability

Official solution:

No official solution to this vulnerability is available so far.

This vulnerability can be detected by Vulnerability Manager Plus and is available under the Zero-day vulnerability tab, titled "A zero-day vulnerability in Microsoft Internet Explorer (CWE-415 - Double Free)"

Cheers,