Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch. The use-after-free flaw lies in the way that IE handles CMarkup objects, and an attacker can take advantage of it. Microsoft has not issued an advisory about the vulnerability yet, but installing the EMET toolkit, which includes exploit mitigations, is a viable method for mitigating the seriousness of the flaw.
Source: https://threatpost.com/another-internet-explorer-zero-day-surfaces/106223/