New IE 8 Zero Day Discovered · Slashdot Mirror

Posted by samzenpus on Wednesday May 21, 2014 @11:38AM from the no-shortage dept.

Trailrunner7 (1100399) writes "Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP's Zero Day Initiative, which is handling the bug, published its advisory Wednesday. The ZDI has a policy of disclosing vulnerability details after 180 days if the vendor hasn't produced a patch. The use-after-free flaw lies in the way that IE handles CMarkup objects, and ZDI's advisory says that an attacker can take advantage of it to run arbitrary code."

2 of 134 comments (clear)

Min score:

Reason:

Sort:

It is not a zero day. by 140Mandak262Jamuna · 2014-05-21 13:39 · Score: 5, Funny

According to the timeline it is a -180 day.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Re:why are they taking so long? by lennier1 · 2014-05-21 15:47 · Score: 3, Funny

The NSA probably wanted more time to exploit it.