Update: Multiple 0-days in Internet Explorer

Wolfgang Kandek

Last updated on: September 6, 2020

Update: HP clarified that the vulnerabilities apply only to Internet Explorer Mobile for the Windows phone.

Original: HP’s Zero Day Initiative (ZDI) just published four critical 0-day vulnerabilities in Internet Explorer: ZDI-15-359, 360, 361 and 362. All of them can result in Remote Code Execution. Microsoft overstayed the 120 day fix limit that ZDI enforces on such vulnerability disclosures.

It is unlikely that exploit code exists at the moment and difficult to reverse engineer the vulnerabilities as details are sparse. There is not much you can do at the moment, except refrain from using Internet Explorer. Stay tuned for updates.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *