Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
The discovery of this vulnerability (Microsoft Advisory 2963983) is surprising since it affects every active version of Internet Explorer on every version of Microsoft's operation system.
The use-after-free vulnerability would allow for a remote code execution which could be used in phishing schemes or other exploits--including a complete take over of the affected system. An attacker who successfully takes advantage of this vulnerability could inherit the same system rights as the computer user they attack.
An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
The vulnerability was revealed to Microsoft by the cyber security firm FireEye. The vulnerability was announced on Microsoft's advisory service website on April 26, 2014.
SOURCE: