Internet Explorer Mobile contains four unpatched vulnerabilities

July 25, 2015


HP’s Zero Day Initiative (ZDI) Monday disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that can enable a remote attacker to execute arbitrary code.

Three of the bugs are use-after-free vulnerabilities that exist within the handling of CTreePos objects, CCurrentStyle objects and CAttrArray objects, advisories issued by Microsoft indicated. The fourth flaw is an out-of-bounds memory access vulnerability related to how Internet Explorer processes arrays representing cells in HTML tables, one advisory said.

Read More