HP’s Zero Day Initiative (ZDI) Monday disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that can enable a remote attacker to execute arbitrary code.
Three of the bugs are use-after-free vulnerabilities that exist within the handling of CTreePos objects, CCurrentStyle objects and CAttrArray objects, advisories issued by Microsoft indicated. The fourth flaw is an out-of-bounds memory access vulnerability related to how Internet Explorer processes arrays representing cells in HTML tables, one advisory said.
