The Zero-Day Initiative released details on a new vulnerability in Internet Explorer 8 that was discovered in October. The vulnerability was not included in Microsoft’s May Patch Tuesday releases, so the ZDI finally released the data. No patch is available, but there are some workarounds available to fix the flaw. The ZDI, a vulnerability broker operated by HP’s TippingPoint unit, gives vendors 180 days to fix flaws before it discloses them. Using this flaw, an attacker could potentially convince a user to click on a link to a malicious website.”]
Source: https://www.darkreading.com/application-security/new-vulnerability-in-ie8-remains-unpatched