Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Internet Explorers CVE-2018-8174 is the most common vulnerabilities. New exploit kits are fueling drive-bys fueled by malvertising most often found on adult websites. Growing number of exploit kits go for fileless attacks instead of the more traditional method of dropping a payload on disk. RIG EK seems to have dropped its Flash Player exploit and instead relies solely on Internet Explorer. Some exploit kits no longer using Flash, while others are relying on much older vulnerabilities.”]
Source: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/