Critical Internet Explorer zero-day exploit detailed after Microsoft fails to patch it

From PC World: An older version of Microsoft’s Internet Explorer browser has an unpatched software flaw that could allow rogue code to run on a computer, the second such flaw found in a month.

Microsoft was told of the flaw in October, which was discovered by Belgian researcher Peter Van Eeckhoutte, according to an advisory published Wednesday by HP’s Zero Day Initiative (ZDI), a program that rewards security researchers for finding software flaws.

ZDI holds off publicly publishing information on a security flaw for up to six months so a software vendor can patch it. As that period came close to expiring, ZDI said it told Microsoft on May 8 that it intended to publish details of the flaw.

Microsoft’s IE 8 browser, released five years ago, still holds a 20 percent share of the desktop browser market, according to statistics for April compiled by Net Applications. Microsoft officials couldn’t be immediately reached for comment.

View: Article @ Source Site