New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013
May 21, 2014
Oh Microsoft, How could you do this to your own Internet Explorer? Microsoft had kept hidden a critical Zero-Day vulnerability of Internet explorer 8 from all of us, since October 2013. A Critical zero-day Internet Explorer vulnerability ( CVE-2014-1770 ), which was discovered by Peter 'corelanc0d3r' Van Eeckhoutte in October 2013 just goes public today by the Zero Day Initiative (ZDI) website . Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, on which Microsoft responded 4 month later on February 2014 and confirmed the flaw, but neither the Microsoft patch the vulnerability nor it disclosed any details about it. But due to ZDI's 180 days public notification policy, they are obligated to publicly disclosed the details of a Zero-Day vulnerability. ZDI warned Microsoft several days ago ab