Microsoft has released a new security advisory regarding a potential vulnerability in Internet Explorer (IE) reported by FireEye, and currently under investigation.
The software vendor reports that it is working closely with FireEye to investigate the reported vulnerability, which it says was found in very limited targeted attack.
The vulnerability is a “use-after-free” memory corruption and the exploit observed seems to target IE9, IE10 and IE11.
According to Microsoft, while the vulnerability affects Internet Explorer, the exploit relies deeply on two other components to successfully trigger code execution and in particular it requires presence VML and Flash components.
FireEye posted an analysis with some details and confirmed that the exploit wasn’t able to run successfully when EMET protection is added for Internet Explorer.