Microsoft advises on IE zero-day vulnerability
Microsoft has issued a security advisory for a vulnerability in Internet Explorer 9 and 10 being exploited in the wild.
We wrote last week on the initial reports of exploits in the wild, as reported by security firm Fireeye. Fireeye and Symantec are both credited in the Microsoft advisory as having worked with Microsoft on the issue.
The vulnerability is a "use after free" remote code execution vulnerability. As in the case found by Fireeye, it can lead to a system being taken over if the user is lured to visit a web site in a vulnerable browser. The vulnerability does not, on its own, elevate privilege, so if the user is running unprivileged, the exploit will also be unprivileged.