Qualys Blog

www.qualys.com
wkandek

Update: Multiple 0-days in Internet Explorer

Update: HP clarified that the vulnerabilities apply only to Internet Explorer Mobile for the Windows phone.

Original: HP’s Zero Day Initiative (ZDI) just published four critical 0-day vulnerabilities in Internet Explorer: ZDI-15-359, 360, 361 and 362. All of them can result in Remote Code Execution. Microsoft overstayed the 120 day fix limit that ZDI enforces on such vulnerability disclosures.

It is unlikely that exploit code exists at the moment and difficult to reverse engineer the vulnerabilities as details are sparse. There is not much you can do at the moment, except refrain from using Internet Explorer. Stay tuned for updates.

Leave a Reply