Internet Explorer Zero: Microsoft kept a critical Zero-Day Internet explorer 8 vulnerability hidden from all of us, since October 2013.
A Critical zero-day Internet Explorer vulnerability, which was discovered by Peter ‘corelanc0d3r’ Van Eeckhoutte in October 2013 just goes public today by the Zero Day Initiative (ZDI) website.
Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, on which Microsoft responded 4 month later on February 2014 and confirmed the flaw, but neither the Microsoft patch the vulnerability nor it disclosed any details about it.
But due to ZDI’s 180 days public notification policy, they are obligated to publicly disclosed the details of a Zero-Day vulnerability. ZDI warned Microsoft several days ago about the pending public disclosure of the flaw after it completed 180 days as on April, but apparently Microsoft didn’t respond to it.