An older version of Microsoft's Internet Explorer browser has an unpatched software flaw that could allow rogue code to run on a computer, the second such flaw found in a month



From Network World:

Microsoft was told of the flaw in October, which was discovered by Belgian researcher Peter Van Eeckhoutte, according to an advisory published Wednesday by HP's Zero Day Initiative (ZDI), a program that rewards security researchers for finding software flaws.

ZDI holds off publicly publishing information on a security flaw for up to six months so a software vendor can patch it. As that period came close to expiring, ZDI said it told Microsoft on May 8 that it intended to publish details of the flaw.

  New Internet Explorer zero-day details released after Microsoft fails to patch